Internet Security

[Ric]

I heard in the news today, that one in ten people in the UK, have become victims of Identity theft !!!!

You might be asking what this has to do with Internet security, well how many people do you know that have a wireless access point at home or at work !

Well as a little experiment, I just happened to have a laptop in the car the other day and decided to run a little app called Net Stumbler (sorry Danster on my PC), whilst driving from home to the local B and Q (DIY Store): all of 3 miles. To those who are unaware of what I was doing, this could technically be called "War Driving".

On route Net Stumbler picked up 42 Wireless Networks, out of those 27 were insecure. By insecure what I mean is that if I wanted to I could have gone back to the location of one of those networks, parked up, and hooked up to their network instantly, yes from my car !

This technically would allow me to join there network, and do whatever I wanted, surf the Internet on their connection copy files of their PC's etc...anything !

I could then if I had wanted to ran other software (which I again am not going to name) and collected every piece of information traveling on that network.

Websites being viewed, password's email's etc.

I find this very scary. Why on earth don't people at least read the manual's that comes with their equipment, they just leave the security on the factory default !!!

If anyone out there is reading this and is unsure as to whether their own systems are safe then get in touch, it takes minutes to check and can save you a fortune.

I can't believe how many people are leaving themselves open to this...

 

[Danster]

Wow that's pretty scary

Does it only effect wirless connections I.E Airport Extreme?

I'm hooked up through and extension cable running up the stairs from the main socket downstairs (the broadband guy said i couldn't use an extension, hehe don't trust anybody till you try it yourself

 

[Cory Cooper]

Go

Yes,

What Ric was describing is wireless only.

C

 

[Danster]

So when i eventully get a laptop i won't be able to have a wireless connection or is it just that people don't configure their security settings properly?

 

[Cory Cooper]

Go

If you get a iBook/Powerbook, you will be safe. If you have an AirPort, you just need to make sure you create a closed network using WEP encryption, then people can't access it without a name and password. People tend to just set up wirless networks, and never read the security information included with the hardware, thus leaving their network open for anyone to just join and start surfing.

I have used many open networks when traveling, simply by doing what Ric stated...even in Washington, DC on government wireless networks! It's a simple thing to close access off to outside folks, takes but a few clicks and a restart of the AirPort.

Cory

 

[Ric]

Danster:

As Cory said, as long as you have your network configured correctly then you will be safe(r).
Some of what's being said will make no sense to you, till you get a wireless network.

WEP encyrption as Cory said, for the most part is very good, however it is unfortunately easily accessed if the person wants to get into your network, software available on the Internet, that will crack the WEP key.

If you get a new Snow Base Station, you can use WPA encyrption which is better. As Cory rightly said alot of people pop down to their local "Dixons" etc and buy a Netgear/Linksys wireless adapter, take it home plug it in and don't bother changing the default SSID (network name) or the user names or the passwords. Which, if they are left like this means that anyone could gain access, even by accident, next door neighbour etc.

If however you at least, "create a closed network" (this means that unless you know the name of the network, your computer cannot automatically join it. This is a good step, because it stops neighbours being able to see that you have a wireless network. Another reasonable security measure is using "mac addessing", this tells your network which devices are allowed to use your network.

Implementing any of the security measures that come with these devices will stop the casual (Kiddie Scripter/hacker), but by no means would it mean that you network is secure.

I don't mean to be creating an alarm, as long as you implement the best security measures that you can, and you keep an eye on your logs then at least if someone is having a nosey about, you can do something about it.

One nice feature on the Snow Base Station, is being able to turn the transmit power down, during the winter you can turn it down so that your wireless network stays within your house, then during the summer you can crank up the power and have a sit outside, surfing on your laptop with a beer and a barbeque...If the transmit power is turned down then someone sat outside trying to access your network would not be able to get a signal.

 

[Cory Cooper]

Go

Yeah, what he said!

Nice post Ric. I concur.

***Note: WPA is only available on the current AirPort Extreme (with firmware 5.5 or later) and AirPort Express (with firmware 6.1 or later) solutions. The older Snow and Graphite AirPort Base Stations do not support WPA, only WEP.

C

 

[Danster]

When i get my powerbook/iBook this summer i plan on buying a snow station which i will need to pick up the airport signal right??

I want to clear this up.... am i safe with the cable connection i have got now, i mean can nobody access my connection other than me?

 

[Ric]

Don't worry !

You're cable connection is safe !

The only way someone can access your network, is by physically plugging into it, which is very unlikely. (You should be able to spot someone sat on your sofa, lol.)

Two elements you need for a wireless network, an Airport Card and an Airport Base Station. If you are buying an iBook or a PowerBook you can specify to have one installed when you buy it. You will than need a Base Station, you haven't got to buy an Apple one, if you don't want one.


Once you've gone wireless it's hard to go back...

Very nice out in the garden in the summer, doing a bit of work or surfing the Internet.

Just to clarify; Wireless setup:

Internet--->ADSL Modem-->Wireless Access Point----------->Signal picked up by Laptop etc.

or

You can buy a combined ADSL Modem with built in Wireless Access Point Netgear's WG602.

Internet--->ADSL Modem incl Wireless--------------->signal picked up by Laptop etc.

 

[Jim Plante]

Well, I don't agree 100% that cable is safe. Too many people will buy a router, and do exactly what Ric described relating to the wireless base station: Plug it in, turn it on, and begin to use it. Routers can act as a hardware firewall, preventing unauthorized access over the internet. But they won't keep out internet prowlers unless you take some basic security measures.

Routers have an administrator's password. This is set to a factory default value usually. Follow the directions in your router's manual, and change the *&%(* admin password.

Some folks have both a hardware firewall (in the router) and a software firewall (in each computer.) Mac OS X has a software firewall built into the OS, but you have to activate it.

Just as no lock is secure against a determined burglar, no network is 100% secure against a determined hacker. All we can do is make it more difficult to break in than it is worth. You don't have to be able to outrun the bear; you have only to outrun the slowest camper.

 

[Ric]

I quite agree Jim...

...but in the context of the first post, cable is safe, as far as, it can't be shared by your neighbour or someone sat out side your house in their car ! Unless they stick an ethernet cable in one of your ports...

But as you rightly say many people don't change admin passwords, leave Firewalls off etc. and in this scenario cable is not safe, from 'Crackers' trying to get in to 'weak' systems.

...there's a lot of slow campers out there ;-)

regards

RIc

 

[Jim Plante]

Hi, Ric,
There are a lot of determined hackers out there, too. I remember a book by a guy named Knightmare, who described breaking into so-called "secure" networks just because of the challenge it presented. When he was successful, he would leave the Admin an e-mail telling him how to close the security gap.

There were some high-tech articles (years ago) about using sensitive antennae to "sniff" the RF coming off a keyboard cable to log keystrokes. There was even a dude who cobbled together something which would catch the stray RF from a CRT and duplicate the screen on a display. Fascinating stuff.

The "normal" security measures we take--firewalls, routers, protected wireless networks--will do for most of us. Nothing much in my financial files to interest anyone. But no computer is secure unless it's turned off. Even then, the hard drive could be burgled. (Is that a word?)

Regards,
Jim
(...slightly faster than the slowest camper.)

 

[Ric]

Hi Jim,

He sounds like one of the nice guys !

There's that much Rf nowadays you'd need to have the antenna stuck to the keyboard to get a decent signal...

Similar stories now with BlueTooth keyboards.

Keep on running...

regards

Ric