Five Simple, Free Security Hacks

Posted on February 5th, 2010 in Security | 1 Comment

security software is the lock on your PC’s front door, but you can also make that door less attractive to crooks.

Let’s talk about security hacks, simple yet clever ways to protect yourself and your PC that cost little or nothing. Here are my fve favorites. It should go without saying that none of these can replace good, up-to-date antivirus and firewall protection, but they can make stealing your system or data difficult or unappealing.

It’s simple, yet surprisingly effective: Remove the keyboard and mouse. It’s highly unlikely that a snoop will carry an extra keyboard and mouse with him. This will slow someone down but is far from foolproof, and it should go without saying that every computer should be physically locked to a sturdy object and secured behind a strong password.

To protect from pod-slurping (the connecting of an unauthorized USB device and its use to steal data), disable your USB ports. Or and we borrowed this one directly from the U.S. military epoxy over the USB ports. Too permanent? A slightly more elegant solution is to open the PC case and disconnect (or cut) the wires running from the motherboard to the USB ports.

Traveling with a laptop? Try not to advertise that you’re carrying a valuable piece of equipment: Use a computer bag that doesn’t look like a computer bag, or use a neoprene sleeve inside a regular backpack. If you nap at the airport, wrap
the shoulder strap around your arm or leg so you’ll be alerted if someone tries to walk away with your bag.

Here’s an easy way to hide your Windows PC on a network while maintaining access to network resources. (This also works when you want stealth but still want to let others access your shared resources.) At the command prompt, type

Net confg server /hidden:yes

Now you’re still a member of your network neighbourhood, but your PC won’t show up when others browse for it. Make sure your software firewall is turned on, and block incoming ICMP traffic. This will prevent a network intruder from scanning for your PC using a ping sweep.

Once you are hidden on the network, you can spend some time trying to figure out who, if anyone, is connecting to your PC and to whom your PC is connecting. To accomplish this, you’ll use the command-line tool Netstat and the Task Manager. Get to the command prompt and type

netstat –ao

A bunch of info will by on your screen listing the type of connection, the IP addresses of remote hosts, the protocols,
and the process identifer, or PID. If there is something here you don’t recognize, write down the PID. Now, open the Task Manager and add the PID column by opening the View menu and clicking on Select Columns. Check the box next to PID. Now match the PID from Netstat and the PID from Task Manager to learn which applications are holding which ports open. A well-secured machine should have ports open only for authorized apps.

5. One last idea: Enabling secure logon in Windows XP and Vista will protect your system from malware that attempts to impersonate a log-on screen to steal system passwords. This forces anyone trying to log on to press Ctrl-Alt-Del frst. In
Windows Vista, open the Run command, type netplwiz, and click Continue when prompted by User Account Control. In the Advanced User Account window, click the Advanced tab, then select the box that says Require users to press Ctrl-Alt-Delete. In Windows XP, go to the Control Panel’s User Accounts applet. In the Advanced User Account window, click the Advanced tab, then select the box that says Require users to press Ctrl-Alt-Delete.

Tags:

Guard Your Network With a Free Firewall

Posted on February 3rd, 2010 in Security | 1 Comment

If you ever find yourself in need of a decently robust and full-featured firewall but your budget is approaching zero, I have just the solution for you.

SmoothWall Express 3.0 is an open-source, security-hardened GNU/Linux firewall. With minimal hardware requirements and a small footprint, it should work with nearly any Pentium-class PC that has at least 128MB of RAM and a hard disk of 2GB or
greater. You should have at least two network cards installed or basic use, three or more if you want to incorporate a wireless network or to have a DMZ (a demilitarized zone, or a host that serves as a buffer between your private network and the outside). Keep in mind, though, that your firewall’s reliability is limited by the hardware on which you install it.

Installing SmoothWall
Don’t worry if you don’t know much about Linux. Though the geeky can get down and dirty at the command line, Smooth
Wall is easy to install and configure. It’s meant to be managed via an integrated Web interface, as well. To install, first download the 81MB ISO file and burn it to a CD. If you need disk-burning software, try ImgBurn.

Boot to the CD and run the installer, which will wipe the hard disk before it installs. Accepting the installer’s defaults a good start. The first “hard” question involves the security policy for outgoing requests. The default is Half-Open, which permits outgoing traffic except for any hat is potentially harmful. You may also choose Open, which doesn’t limit outgoing traffic, or closed, which requires that configure what traffic is permitted.

You then need to configure your network interfaces, which will be labelled Green, Red, Orange, or Purple. The Green interface is your trusted LAN. Red is the evil and dangerous Internet. Orange is your DMZ, and Purple is your wireless LAN.

Next you select which network card to ssign to each role. SmoothWall will probe for and detect most cards. You’ll need to specify IP configuration, and optionally the DNS and gateway settings. You may also configure Web proxy, ISDN, ADSL, and
DHCP. Lastly, you need to set a Web-interface password and a root password for command-line access.

You’re done with setup. From here you an leave your “Smoothie” as is, and it behaves as a fully functional firewall. However, you can configure the most inepth features only through the Web interface. Point your browser to https://SmoothWallGreenAddress:441 and enter the admin password you made earlier.

For a free product, SmoothWall is remarkably full featured, including proxy servers, IDS, logging, traffic graphs, DHCP, VPN, dynamic DNS, port forwarding, server health, and access control. It also provides an interface for backing up and restoring your configuration, so when your Pentium II PC kicks the bucket, you can get SmoothWall up and running again.

SmoothWall Express is limited to a single CPU and 1GB of RAM, but that’s not likely to be an issue for even a network with a couple hundred users. The real imitation is the lack of support: While you can consult the robust user community, you’re mostly on your own. Of course, The commercial arm of SmoothWall sells paid and supported products, too.

Tags:

WPA Wi-Fi Encryption Cracked for the First Time

Posted on January 7th, 2009 in Security | No Comments

Once thought safe, the WPA standard used by countless wireless routers has been revealed to be vulnerable- but only in theory, for now.

Security researchers say they’ve developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard that is used to safeguard data on many wireless networks.

Researcher Erik Tews was to demonstrate the attack at the PacSec conference in Tokyo in mid-November. Cracking WPA encryption could be exploited to read data being sent from a router to a laptop, or to send bogus information to a client connected to the router.

Tews and coresearcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, which WPA uses, in a relatively short 12 to 15 minutes, says Dragos Ruiu, the PacSec conference’s organizer.

In this particular attack, however, they have not managed to crack the encryption keys used to secure data sent from the PC to the router.

WPA, widely used on today’s Wi-Fi networks, is considered superior to the original WEP (Wired Equivalent Privacy) standard, which most security professionals now deem insecure. Retail store chain T.J. Maxx was in the process of upgrading from WEP to WPA encryption when it experienced one of the most widely publicized data breaches in United States history, in which hundreds of millions of credit card numbers were stolen over a two-year period. The new WPA2 standard is considered safe from the recently developed attack.

“Everybody has been saying, ‘Go to WPA because WEP is broken,’” Ruiu says. “This is a break in WPA.”

If WPA is significantly compromised, it would be a blow for business customers who have been increasingly adopting it, says Sri Sundaralingam, vice president of product management with wireless network security vendor AirTight Networks. Although customers can use other Wi-Fi technology such as WP A2 or virtual private network software that will protect them from this attack, many devices will still connect to the network via WPA, or even by way of the thoroughly cracked WEP standard, he says.

Click for more details:
Hacking Wireless Networks For Dummies Linksys WRT54G Ultimate Hacking Home Networking For Dummies

Tags:

Free Security Software for Your Systems

Posted on June 3rd, 2008 in Security | No Comments

EULAlyzer
Wonder what you’re agreeing to when you click I Accept? Don’t worry; just drag EULAlyzer’s target icon onto the EULA for a quick report on any troublesome language.

Hotspot Shield
Create an instant virtual private network (VPN) tunnel between your laptop and the router at any Wi-Fi hot spot to protect your data from snoops on the public airwaves, even if you are using extra encryption. If you’re on a network that limits the use of certain applications, such as Skype, the VPN could give you unfettered access. It even works with your wired connection for an extra layer of security.
Web Site: www.anchorfree.com

Kruptos 2
Kruptos makes a file accessible only to someone who knows the password; it includes a file shredder.
Web Site: www.kruptos2.co.uk

PC Flank
While ShieldsUP! tests your firewall’s ability to stealth all ports, PC Flank performs surgical strikes that emulate specific malware attacks to verify that your firewall blocks them.
WebSite: www.pcflank.com

SendShield
This Outlook add-on strips out extra info and tracked changes in Word documents attached to messages.
Website: www.sendshield.com

Tags:

Protecting your Wi-Fi connection

Posted on May 15th, 2008 in Security | 1 Comment

When you connect to the Internet through a wireless access point, you are using radio transmitters to send data between the access point and your computer. Anybody else with a Wi-Fi–enabled computer or a specialized radio receiver can also receive those signals. Unless you protect your Wi-Fi network, anybody with a Wi-Fi network interface can use it to connect to the Internet and possibly open files on your own computers.

In many neighborhoods and business districts, as many as a dozen or more different Wi-Fi signals are floating around. Most of my neighbors have turned on their access points’ security features, so it’s a lot more difficult to grab an unauthorized connection from any of them than to break into a network through an unsecured access point.

There are methods out there for cracking Wi-Fi encryption, but most intruders look for an unsecured network rather than taking the time to break through encryption. However, no wireless network is totally secure without additional tools, so your best defense is to make your wireless network more secure and more difficult to crack than the one across the street.

(more…)

Tags:

How To Set Up Wireless Encryption

Posted on May 13th, 2008 in Security | No Comments

Wi-Fi encryption uses the same key code on the access point and on each client computer to provide access to encrypted data. To add a key code to a Wi-Fi connection profile in Windows, follow these steps:

1. From the Control Panel or the system tray, open the Wireless Network Connection Properties window and choose the Wireless Networks tab.
Setup Wireless Encryption

2. Find the name of the network in the list of Preferred networks and click the Properties button.
Setup Wireless Encryption

3. Open the drop-down Data encryption menu and choose WEP or WPA. If the program offers you a choice of key lengths, choose the longest possible number of digits.

4. Type the same network key that you used to set up encryption on your access point in both network key fields.

5. Click the OK buttons in both open Properties windows to save your settings and close the windows.

Tags:

Configuring Wireless Network Security

Posted on February 15th, 2008 in Security | 1 Comment

You configure security on a wireless network by managing the properties for that wireless network connection. The pros, cons, and details of these various security methods are beyond the scope of this book; what is important is that you know how to configure Windows Vista to match the corresponding settings in use on your network. Managing wireless connection is done via the Manage Wireless Networks applet, which is available, like all other network applets in Windows Vista, via the Network and Sharing Center. To open the Manage Wireless Networks applet, first launch the Network and Sharing Center and then select Manage Wireless Networks from the task list on the left side of the screen.

Right-clicking on an available wireless network connection and selecting Properties opens the Wireless Network properties dialog box. To configure wireless security, select the Security tab. Depending on the type of security and encryption in use, you will see different options on this tab.

Wired Equivalent Privacy
WEP is part of the 802.11 standard and is a means of securing a wireless network. The purpose of WEP is to make the communication between the computer’s NIC and the access point more secure than that of a standard radio broadcast. If the access point you are connecting to is using WEP, you need to configure Windows Vista for WEP and provide the correct security key and key index. To do so, open the Manage Wireless Networks applet from the Network and Sharing Center, right-click the network you want to set up, select Properties, and then select the Security tab. To configure WEP, set Security Type to Shared and select WEP as the Encryption Type. Doing so displays the WEP options.

(more…)

Blog Widget by LinkWithin

Tags:

« Older Entries