Maintain your old Siemens Hipath system

Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking

Airport Menace: The Wireless Peeping Tom
----------------------------------------
As a network security consultant, I travel quite frequently. At times, it seems like the airport is my second home. I actually like to fly, it's a moment in time where no one can reach me by e-mail, or mobile phone.

It never fails that something interesting happens to me at the airport. I've even met some famous people during my travels. A few months ago, I ran into Frank Bielec, from the TLC show, Trading Spaces. But one of my favorite things to do at the airport is browse the wireless Ethernet waves. I'm never really surprised at what I find. I'm just glad I know more about wireless Ethernet than the average road warrior.

The Dangers Of Ad-Hoc Wireless Networking
-----------------------------------------
Most people who have wireless Ethernet at home, or the office, connect to the wireless network by attaching to a wireless Access Point, or AP. This method of wireless networking is called "Infrastructure Mode". If you have a secure wireless network configured in "Infrastructure Mode" you are using MAC address filtering, some level of encryption, and have made some additional changes to your AP in order to prevent just anyone from using it or capturing data. For more information on configuring your "Infrastructure Mode" wireless network take a look at the "Wireless Network Security" page at Defending The Net.

Links
-----
http://www.defendingthenet.com/WirelessNetworkSecurity.htm

However, for those who are not using "Infrastructure Mode", and are configured to communicate from machine to machine, or "Ad-Hoc", there are a few things you should be aware of.

A wireless Ad-Hoc network allows you to communicate with other wireless Ethernet systems without using a wireless access point. It's kind of a peer to peer configuration and it works rather well. The problem is, most people just set it up, and forget about it. At home, it's not a huge problem, but when your on the road, it could cause you a great deal of grief. The airport is probably the best place to find Ad-Hoc networks. Business men and women, delayed once again, power up their laptops and get to work completing the days tasks, or planning tomorrows agendas.

I can't tell you how many systems I find in the airport configured this way. Not just in the terminal, but on the plane. About three months ago, just after we reached cruising altitude and were allowed to use our "approved electronic devices", I found that the gentleman two seats up from me had a laptop configured as Ad-Hoc. He walked by me about ten minutes later and commented on how much he liked my laptop. I thanked him, and asked if his laptop was on, and configured to use wireless Ethernet, he said yes.

To make a long story short, I showed him that I could see his laptops wireless Ethernet and informed him of the danger. He asked me if I could access his hard drive, and I told him that it might be possible. He asked me to see if I could, so I obliged. After configuring my laptop to use the same IP address class as his, and typing "net use * hiscomputersIPAddressc$ "" /USER:administrator", I received a notice that the connection was successful and drive Z: was now mapped to his computer. I performed a directory listing of his hard drive and the guy almost had a heart attack!

After this, he moved up to the seat next to mine and we spent the next hour or so configuring his laptop securely, starting with securing his computers local administrator account. At one point during the configuration, he made the statement that I got real lucky because his local admin account did not have a password. My response to him was, I get lucky quite often.

Who Else Has Your Client List
-----------------------------
Just think of the possibilities. What do you have to lose if someone is able to just peruse the files and data on your laptop? Do you maintain your customer list on your laptop (Do you want this in the hands of a competitor)? How about your personal finances (Identity theft ring a bell)? So many people I talk to initially say, "I really don't have anything of great importance on this system". Then they think a little bit and start rattling of things they never really thought about before. All of a sudden, they get concerned.

The fact is, whether it be "Infrastructure Mode", or "Ad-Hoc" wireless Ethernet communications, if not properly configured and secured, can pose a significant risk. There are thousands of articles on the Internet about the dangers of improperly configured wireless networks, yet the number of unsecured networks seems to be getting greater, not less.

Strength And Posture Does Reduce Your Risks
-------------------------------------------
Keep in mind that your objective should be to reduce the chances that you will become a target for computer compromise. When I was growing up in South Philadelphia, I remember my father telling me that when you walk down the street, especially in the evening, to walk tall, and project a position of strength and authority. Why, because thugs typically pick out those who look like an easy target. The same thing goes for computer security. Reduce the risks of becoming a target buy configuring your system with a strong security policy.

When I perform security assessments, I create a list of potential targets, and potential methods of compromise. I then prioritize that list by which system, with a particular vulnerability, may be easiest to compromise. Those at the bottom of the list typically never come on my radar screen; the best scenario it to keep of the radar altogether.

Conclusion
----------
If your are using wireless Ethernet, no matter what configuration, follow a few rules and keep yourself secure against most common types of compromise.

1. Above all, make sure all your user accounts have strong passwords, especially those that have administrative control over your system;

2. Configure your wireless network to use some sort of encryption. I know there is a lot of concern about the "crackability" of WEP, but if this is all you have to work with, and then use it. It is still helpful;

3. If possible, use MAC addresses filtering to restrict unwanted systems from attaching to your wireless network;

4. Make sure the firmware for your AP's and wireless Ethernet cards are up to date. These updates can be found on your card or AP's support site.

Remember, if you are compromised over your wireless network it can be near impossible to track down where the attack came from. Worse yet, think about how many systems become compromised, and no one ever knows it?

About The Author
----------------
Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. Darren is a staff writer for http://www.defendingthenet.com and several other e-zines. If you would like to contact Darren you can e-mail him at Darren.Miller@ParaLogic.Net or DefendTheNet@ParaLogic.Net.

In The News:

US delivery of long-range missiles to Ukraine could prove pivotal - but has been controversial
Fri, 22 Sep 2023 19:25:00 +0100
They have a catchy name. They’re called "attack'ems".

Ukraine's super gran: 'I went into the wolf's lair to save my grandson'
Sat, 23 Sep 2023 01:01:00 +0100
"I was going into the wolf's lair but I had to overcome my fear because I was the only one who could rescue my grandson."

After Russia's illegal invasion of Ukraine, is the UN still fit for purpose? | Sean Bell
Sat, 23 Sep 2023 01:01:00 +0100
The United Nations was conceived at the end of the Second World War with the primary objective of maintaining international peace and security.  

'Our fight is the global fight': Spain and Sweden teams unite as World Cup kissing scandal rumbles on
Fri, 22 Sep 2023 22:56:00 +0100
Sweden joined Spain's players in a show of solidarity ahead of their Women's Nations League clash as the scandal surrounding Spanish football rumbled on.

Ukraine 'successfully' hits Russia's Black Sea navy HQ using British and French cruise missiles
Fri, 22 Sep 2023 15:08:00 +0100
The Ukrainian military says it has "successfully" struck the headquarters of Russia's Black Sea fleet in occupied Crimea in an attack using Storm Shadow and SCALP cruise missiles.



tikatoshop.it

Erfahrungen mit Pallhuber Wein
Agen Bola SBOBET Terpercaya

Travel in comfort and at your leisure with CT Airlink Limousine & Car Service for top quality private transportation and exceptional customer service. We operate Sedans, SUVs & Vans for CT Car Services to covering all Connecticut airports including Car Service from CT to Newark Airport , Mohegan Casino Uncasville CT, Foxwoods Casino Mashantucket CT, Manhattan Cruise Terminal NYC, Brooklyn Cruise Terminal NYC and Bayonne Cruise Terminal NJ. CT Airlink hire licensed and friendly chauffeurs who have in-depth knowledge of the Areas.

Is the Internet Insecure Because of You?

Long gone are the days that we could feel secure... Read More

Corporate Security for Your Home Business

The words Corporate Security may conjure up images of a... Read More

Desktop Security Software Risks - Part 1

This is the second in a series of articles highlighting... Read More

Just Whos Computer is this Anyway?

Well, this is an article I never thought I would... Read More

Computer Viruses and Other Nasties: How to Protect Your Computer from These Invaders

Can you protect your computer from all possible viruses and... Read More

A Basic Introduction To Spyware

Spyware is the most troublesome software to appear on the... Read More

I Spy...Something Terribly Wrong (In Your Computer)

This really chapped my lips...I recently bought a new computer.... Read More

Reporting Internet Scams

When it comes to reporting Internet scams most of us... Read More

Internet Privacy

Over the past few years as the internet has become... Read More

The One Critical Piece Of Free Software Thats Been Overlooked

Can You Prevent Spyware, Worms, Trojans, Viruses, ... To Work... Read More

Breaking Into Your PC: News...

You'd better learn news from media, not from emails, security... Read More

Cybercriminals Trick: Targeted Trojan-Containing Emails

Threats we ordinary Web users face online leave us no... Read More

If You Sell Anything Online Your ePockets Are Being Picked

You and I are a lot alike. We are both... Read More

How To Clean the Spies In Your Computer?

Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer... Read More

How to Protect Yourself Against Online Criminals

Credit card fraud is a growing problem for online businesses... Read More

Data Security; Are Your Company Assets Really Secure?

Is your data secure? Think again. Securing data is unlike... Read More

Is Shopping Online For Your Horse Gifts Safe?

Shopping for horse gifts or other gift items on the... Read More

SCAMS ? Be Aware ? And Report When Necessary

The Internet is a vast International Network of people and... Read More

File Sharing - What You Need to Know!

File sharing on p2p is soaring despite the music and... Read More

The Bad Guys Are Phishing For Your Personal Information

Do you know what "phishing" is?No, it doesn't mean you... Read More

Five Excellent Indie Encryption And Security Solutions You Have Not Heard About

1. Geek Superhero http://www.deprice.com/geeksuperhero.htmGeek Superhero watches your computer for changes,... Read More

Reclaim Your PC from the Internet Spies

Viruses are, however, not the only malicious software programs out... Read More

Information Security for E-businessmen: Just a Couple of Ideas

If you constantly deal with bank or electronic accounts, it... Read More

HackAttack

P C. owners are constantly at risk from attacks by... Read More

Online Shoppers, Beware of a New Scam

Beware of a New Scam Aimed at Bargain-HuntersTrying to buy... Read More