
How To Secure Your Wireless Network

29 Aug

Securing wireless networks has been a headache for broadband users for years now.  I wanted to write a short blog on how the average home user or small business can secure their wireless network and keep moochers and even more malicious users at bay.

You’re Not Secure Out Of The Gate

Most users think just having a router is an automatic shield after listening to various media stories praise routers for their firewall abilities.  This is not the case.  Most routers you purchase at your local electronics store (Best Buy, Wal-Mart etc.) are not secure when you first plug them in.  Routers are normally pre-configured to be open wireless access points.  This means anyone within range will be able to use your connection, no questions asked.  This is done to make setup easy and compatible with most operating systems.  The only problem is it leaves your network open to attack.

The very first thing you’ll want to do is log in to your router’s administration panel.  This is done by typing a 192.168.x.x address into your browser’s address bar.  The actual number varies by router manufacturer; look in your user guide or online to find the local IP address for your router.  Linksys, for example, is 192.168.1.1.  The manufacturer sets very easy, non-secure passwords.  These are easily found online as well as in your user guide and, if left unchanged, will make your network exceptionally vulnerable.  You’ll want to change the password to your router right away.  Make sure it is a secure password of at least six characters and preferably with upper and lowercase letters and numbers.


Bad Advice From GeekSquad

Local sales associates at places like Best Buy are often clueless on network security and sometimes offer up misleading advice.  Here are some steps that aren’t harmful, but mostly just a waste of time because they don’t secure your network.

  • Turning off your SSID broadcast - The SSID (Service Set Identifier) is an identifier broadcast by a wireless router.  You might know this as your network name.  On most routers the default SSID is the manufacturer’s name (linksys, netgear etc.).  Turning the broadcast off does nothing to protect your network.  With the proper software, a malicious user could easily spot your network’s presence even with the SSID off.  It is a false sense of security.  Changing the network name won’t make you more secure either, though I would recommend doing it.  Just make sure your SSID isn’t identifiable in a way that makes it easy for outside users to know where the network is located (i.e. last name and home address are both no-nos).
  • Turning DHCP Off - This in theory is a good idea but really doesn’t make you more secure.  It is easy to detect the method by which IP addresses are being assigned and make a request matching that method.
  • Filtering MAC Addresses - Filtering MAC addresses is a good practice to get into, but for most households and businesses it causes more headache than it’s worth.  For homes with many devices on the network like game systems, multiple computers and cell phones, filtering MAC addresses simply isn’t practical.  That being said, a malicious user with easily attainable monitoring software can replicate a MAC address and still penetrate your network.  This method has some value for keeping the average user off the network but will crumble with ease against advanced computer users.

What You Should Do

The easiest thing you can do to secure your network is protect your wireless access point with encryption.  There are two different kinds of encryption you can use.  One is known as Wired Equivalent Privacy or WEP. This encryption is better than nothing but it does have a huge problem.

Beginning in 2001, several serious weaknesses were identified by cryptanalysts with the result that today a WEP connection can be cracked with readily available software found online within minutes. — Source:  Wikipedia

WEP can be easily cracked within minutes therefore it should not be your first choice, though it is better than having no encryption at all.  It will keep your pesky neighbors with no computer skills from using your bandwidth, but even the most novice 13 year-old could brute force their way into your network.  You want something with a little more ‘umph’.

You will want to use Wi-Fi Protected Access, otherwise known as WPA, for your wireless encryption.  WPA was designed after flaws were discovered in WEP that led to its demise.  Recently, researchers have found a way to crack WPA-TKIP connections, though it is still tougher than cracking WEP.  Since this has happened, you’ll want to make sure you’re using WPA-AES encryption to remain secure.  AES stands for Advanced Encryption Standard and the encryption contains three block ciphers.  It has been adopted by the U.S. government as their standard for encrypting sensitive networks and has yet to be cracked.

WPA2 is an even newer advance in WiFi network security.  If you have an older router or a computer more than 3 years old you may have compatibility issues.  For fewer headaches and a still-secure network, stick with WPA-AES unless you have all ‘newer’ hardware.
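
To see which of the categories above a network actually falls into, the following added example (not part of the original post) sorts Wi-Fi scan results into open, WEP, TKIP-enabled and AES-only. It assumes the terse output of NetworkManager's nmcli tool; the scan lines and network names are constructed for illustration.

```python
# Constructed sample in the shape of the terse output of:
#   nmcli -t -f SSID,SECURITY,WPA-FLAGS,RSN-FLAGS device wifi list
# Terse mode separates fields with ':' and backslash-escapes ':' and '\'.
# The SSIDs and exact field contents below are assumptions for illustration.
SAMPLE_SCAN = r"""
linksys::(none):(none)
HomeNet-WEP:WEP:(none):(none)
OldRouter:WPA1:pair_tkip group_tkip psk:(none)
Mixed\:Mode:WPA1 WPA2:pair_tkip pair_ccmp group_tkip psk:pair_tkip pair_ccmp group_tkip psk
:WPA2:(none):pair_ccmp group_ccmp psk
GoodNet:WPA2:(none):pair_ccmp group_ccmp psk
"""

ADVICE = {
    "OPEN": "no encryption: anyone in range can join",
    "WEP": "WEP: crackable in minutes, switch to WPA-AES",
    "TKIP": "TKIP still accepted: set the router to AES only",
    "AES": "AES (CCMP) only: the setting recommended above",
    "UNKNOWN": "could not determine the cipher, check the router",
}


def split_terse(line):
    """Split one terse nmcli line on unescaped ':' and undo the escaping."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))  # keep the escaped character literally
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields


def classify(security, wpa_flags, rsn_flags):
    """Map the SECURITY column and cipher flags to one verdict key."""
    sec = security.strip().upper()
    if sec in ("", "--"):
        return "OPEN"
    if "WEP" in sec and "WPA" not in sec:
        return "WEP"
    ciphers = set((wpa_flags + " " + rsn_flags).split())
    if "pair_tkip" in ciphers:  # TKIP offered, even alongside AES (mixed mode)
        return "TKIP"
    if "pair_ccmp" in ciphers:  # CCMP is the AES-based cipher
        return "AES"
    return "UNKNOWN"


def audit(scan_text):
    """Return [(ssid, verdict)] for every well-formed scan line."""
    results = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        fields = split_terse(line.strip())
        if len(fields) != 4:
            continue  # not the four columns we asked for
        ssid, security, wpa_flags, rsn_flags = fields
        # A hidden SSID still shows up in the scan, just without a name.
        results.append((ssid or "<hidden>", classify(security, wpa_flags, rsn_flags)))
    return results


if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLE_SCAN):
        print(f"{ssid:<12} {verdict:<5} {ADVICE[verdict]}")
```
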

Conclusion

The simplest thing you can do to protect your wireless network is still encrypting it.  There is no need to cause yourself more trouble by turning off DHCP or hiding the SSID.  It will only give you headaches and nightmares down the road.  Most need for securing your WiFi comes from nosey neighbors or passers-by looking to score free Internet.  They don’t want to steal your credit card info or read your e-mails but just score free interwebs.  However, there are individuals who go around looking for easy targets to steal sensitive information from.

| Device | WEP | WPA-PSK | WPA2-PSK |
|---|---|---|---|
| PlayStation Portable | Yes | Yes | No |
| Nintendo DS | Yes | No | No |
| PlayStation 3 | Yes | Yes | Yes |
| Wii | Yes | Yes | Yes |
| Xbox 360 WiFi adapter | Yes | Yes | No |
| iPhone | Yes | Yes | Yes |
| Nokia N800/N810 | Yes | Yes | Yes |
| Asus Eee PC | Yes | Yes | Yes |

Did You Know?

11 Jul

3D Realms Has Questions To Answer, Who Is Jeff Shenk?

16 May

3D Realms, a Texas-based video game developer, abruptly ‘closed its doors’ in the middle of last week, apparently stopping more than a decade’s worth of development on the popular video game ‘Duke Nukem Forever’.  The video game title is legendary among gamers and is one of the most anticipated releases in the gaming community in some time.  3D Realms announced with no warning at all they were shutting down, sort of.  3D Realms hasn’t put out any official press releases or any other announcements.  The developer has only made a post on their message boards.

The day before it was made public that 3D Realms would be shutting down, a new website was registered.  The site that sparked it all was savedukenukem.com.  How in the world could a man by the name of Jeff Shenk, a 38 year-old web consultant who is associated with a small PR firm, be privy to this ‘inside information’?  Jeff Shenk resides in Danville, California, a long way from 3D Realms in Garland, Texas!

Recent developments show that parent company Take-Two is filing a lawsuit against Apogee Software, which is the corporate title for 3D Realms.  Despite 3D Realms having definitive proof that Duke Nukem Forever was in progress, the studio’s unfortunate recent closure means that publisher Take-Two will lose all the capital that they invested into the project after accepting publisher rights. As noted on Shack News, Take-Two laid down US$12 million to the game’s original publisher, Infogrames, for the rights to Duke Nukem Forever in 2000.  (Computer World)

The question still remains…

Who are you Jeff Shenk???

3 Signs Your Child Is a Hacker

24 Apr

It is not often I get a real good laugh at something I read on the Internet.  The following list is an exception however.  This information was posted on a site called Adequacy.org, proclaiming itself as ‘news for grown-ups’.  Did you ever want a surefire guide to tell if your son was a ‘l337 hax0r’?  Well this is not it by any means.

  1. Has your son asked you to change ISPs?

Most American families use trusted and responsible Internet Service Providers, such as AOL. These providers have a strict “No Hacking” policy, and take careful measures to ensure that your Internet experience is enjoyable, educational and above all legal. If your child is becoming a hacker, one of his first steps will be to request a change to a more hacker friendly provider.

I would advise all parents to refuse this request. One of the reasons your son is interested in switching providers is to get away from AOL’s child safety filter. This filter is vital to any parent who wants his son to enjoy the internet without the endangering him through exposure to “adult” content. It is best to stick with the protection AOL provides, rather than using a home-based solution. If your son is becoming a hacker, he will be able to circumvent any home-based measures with surprising ease, using information gleaned from various hacker sites.

We all know so many Internet users choose AOL, right?  I would have really loved a definition of what a hacker friendly ISP is as well.  According to this guide, your son or daughter could easily circumvent home-based protection and filtering, so it’s best to stick with AOL for their filtering.  This is a joke, right? (Sadly, no)

  2. Are you finding programs on your computer that you don’t remember installing?

Your son will probably try to install some hacker software. He may attempt to conceal the presence of the software in some way, but you can usually find any new programs by reading through the programs listed under “Install/Remove Programs” in your control panel. Popular hacker software includes “Comet Cursor”, “Bonzi Buddy” and “Flash”.

The best option is to confront your son with the evidence, and force him to remove the offending programs. He will probably try to install the software again, but you will be able to tell that this is happening, if your machine offers to “download” one of the hacker applications. If this happens, it is time to give your son a stern talking to, and possibly consider punishing him with a grounding.

I didn’t know Adobe Flash was a ‘hax0r’ application.  I guess I’m getting too old!  But don’t forget about that grounding.

  3. Has your son radically changed his appearance?

If your son has undergone a sudden change in his style of dress, you may have a hacker on your hands. Hackers tend to dress in bright, day-glo colors. They may wear baggy pants, bright colored shirts and spiky hair dyed in bright colors to match their clothes. They may take to carrying “glow-sticks” and some wear pacifiers around their necks. (I have no idea why they do this) There are many such hackers in schools today, and your son may have started to associate with them. If you notice that your son’s group of friends includes people dressed like this, it is time to think about a severe curfew, to protect him from dangerous influences.

If you began restricting this kind of dress code, you could lock up half your child’s school.  Glow sticks might be more indicative of a raver than a hacker, but we likely have the movie ‘Hackers’ to thank for this one.

Content provided by Adequacy.org

This information was written as a satire of all the posts you read by parents online asking if their child is a hacker.  Most of these queries by parents are fueled by 60 Minutes stories or CNN investigations into the ‘underground’ hacker culture of the Internet.  These stories are typically extremely exaggerated.  Oh wait, you disagree with that statement?  The 60 Minutes story on Conficker a few weeks ago is a perfect example.

“They call their weapons viruses and worms – they’re creepy, crawly toxic software that contaminate our computers without our ever knowing it. You can be infected by simply visiting your favorite Web site, or just by leaving your computer on, overnight while you’re asleep. “  – Lesley Stahl – 60 Minutes-March 29th, 2009

Wow, makes you want to turn your computer off right?

Just know your kids folks, just know your kids.

Spies Penetrate U.S. Electricity Grid

9 Apr

National security officials have announced the U.S. electricity grid was recently compromised by foreign hackers.  Current and former national security officials stated the spies left behind software that could be used to disrupt the electric grid in the United States. 

Security analysts said the attacks stem from Russia and China, both of which are trying to map our power grid infrastructure and its inner workings.  Government officials stress no immediate threat can be seen. 

The software the hackers left behind was meant to be stealthy and hidden, ready to be turned on for malicious reasons in time of attack, but was luckily found by U.S. intelligence and security agencies. 

The Kansas City Star is reporting that in 1997, Kansas City Power & Light saw about 10,000 such “events” each month. Now it’s 10 to 20 every second.

The espionage appeared pervasive across the U.S. and doesn’t target a particular company or region, said a former Department of Homeland Security official. “There are intrusions, and they are growing,” the former official said, referring to electrical systems. “There were a lot last year.”

Officials said water, sewage and other infrastructure systems also were at risk.

“Over the past several years, we have seen cyberattacks against critical infrastructures abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts,” Director of National Intelligence Dennis Blair recently told lawmakers. “A number of nations, including Russia and China, can disrupt elements of the U.S. information infrastructure.”

A senior Pentagon official said Tuesday the Pentagon has spent $100 million in the past six months repairing cyber damage.

Security experts from the U.S. government have stated the attacks are so sophisticated, they are likely perpetrated by China and Russia. 

Conficker, Ghost spy network, PowerPoint attacks and now the U.S. electricity grid.  Are these breaches overblown media stories meant to instill fear and pump sales of security software?  It seems like there are more and more stories about the latest worm or breach of security of epic proportions.

I believe there is definitely a risk to any box that is connected to the Internet, no matter how many software or hardware defenses you have on it.  Nothing is perfect, no security unreachable.  If we have learned anything from Kevin Mitnick, it’s that the hardware is not the weakest link.  The weakest link of any network is almost always the users who manage it or have access to it.  Social engineering is a real threat and the only defense against it is training every single person who has access to your secured network.  I wish more details were available on how these networks were penetrated, but we will likely never know. 

Even with all the training in the world, no one is perfect.  All the security in the world, none of which is perfect.  Therefore, no network is 100% secure.

Hackers Using PowerPoint Weakness To Crack Machines

7 Apr

Microsoft has warned customers of a new vulnerability being exploited by hackers.  In a security advisory issued late last week, Microsoft warned that hackers could gain complete control over a machine if a user opened an infected PowerPoint presentation.  The vulnerability would allow for remote code execution by the attacker.

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the company said. “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
“At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability,” the company added.

At the time of this article, Microsoft has not issued an immediate patch but said the exploit will be fixed with their monthly security update.

Microsoft has instructed users not to open any PowerPoint (.ppt) presentations from unknown people via the Internet or on USB flash drives until they can patch the problem.

Massive Cyber Spy Ring Discovered

30 Mar

Researchers from two major universities have uncovered what they believe is a worldwide cyber spy ring proliferated by the Chinese government.  Researchers from the University of Toronto found that very complex and powerful rootkit malware was installed on machines worldwide from embassies, international organizations and other government officials.

The Christian Science Monitor is reporting…

Thirty percent of the targeted computers could be considered “high-value” targets. No US government computers were compromised; however, the cyber spies broke into a NATO computer for half a day.

Researchers were called in to investigate by the Dalai Lama when it was believed that Tibetan e-mail communications were being intercepted.  What was initially a very focused investigation quickly blew up into a major worldwide discovery.

It is important to note that just because all evidence points towards China doesn’t mean it is orchestrated by them.  Dan Colarusso writes, “The investigation, which doesn’t point at the Chinese government specifically.”

“This could well be the C.I.A. or the Russians. It’s a murky realm that we’re lifting the lid on.” said Ronald J. Deibert, a member of the research group and an associate professor of political science at the University of Toronto.

Don’t get worried about a ‘mega-uber-dooper secret un-stoppable malware infection’.  This isn’t a complex attack by any means.  It is social engineering at its best.  Social engineering was made famous by hacker Kevin Mitnick.

Forensics by Deibert and his team found that the attack originally started on a message board.  A monk had been engaging in a normal conversation where a hacker targeted him based on his e-mail address domain.  A hacker sent him an infected PDF and Word document to start the attack.  The hacker then began intercepting his communications and began targeting upper echelon targets on his e-mail contact list.  His attack continued scaling up until major ‘high value’ targets were infected.

It is true that your network is only as secure as your weakest link, and no, your router or OS is not your weakest link.  Your weakest link is likely the people who have access to the network already and divulge information much too easily.  It is still important to defend against random attacks simply based on holes and vulnerabilities, but it is just as important, if not more so, to educate users of your network on good practices to stop social engineering attacks.

Internet Safety Act Challenges Internet Privacy

28 Feb

There is a very heated debate taking place that could affect us all.  It is called the Internet Safety Act and it would require those who provide any kind of Internet access point to maintain a log of network activity for two years.  Not only would you maintain a log of traffic, you would have to provide it to law enforcement on their request.  Everyone from ISPs like AT&T and Comcast, right down to you and me with our home routers, would be held to this new legislation.

This is not the first time this kind of legislation has been put on the table.  It has been tried numerous times the last few years.  Each attempt is met with fierce opposition where politicians want to protect the democratic nature and anonymity the Internet provides.  But is this bill really about protecting children and aimed at stopping child pornography?

This act is really aimed at massaging the relationship between our government and various industries like the recording industry, film and television.  This would make prosecution of those who shared music, movies and television much easier.  Lawsuits would sky rocket and organizations like the RIAA could have a field day prosecuting Internet users left and right.  However, the ease would come from legislation not meant for peer-to-peer networks or other torrents.  I’m sure the RIAA wouldn’t complain though.

When thinking, ‘how can we get this passed’, why not aim it at child pornography?  What legislator can say he doesn’t want to protect the children of this country from exploitation?  Opposition to this bill will have politicians standing their ground and fending off citizens who cannot see the bigger picture of those who want more control on the Internet.

The democracy of it is what makes it so great.  Net neutrality and the ability to keep yourself and views fairly anonymous are the back bone of much of the Internet. 

This legislation is wildly unrealistic, and if it were to be realized, it would be extremely costly.  Do they really expect John & Jane Doe with their Linksys wireless router to keep a network log of traffic when they can barely check their e-mail?  I highly doubt it.  

I see this bill as a major invasion of privacy and it should be met with harsh opposition.  It has implications for anyone using the Internet, including you and me.  What do you think?  Invasion of privacy or a much needed tool for law enforcement?

