Oct 30
So, I just returned from an amazing security training out in San Francisco, California. It was the SANS 401 course which was much better than I could have ever imagined it would be. The course started out a little slow with Stephen Sims going over some basic networking concepts. Seeing as I’ve spent most of my life learning about networking and how TCP, UDP, and routing protocols work, it was a bit boring to me. But after we got through that the course started to get exciting. The 6 days were split up into 6 core areas that covered a wealth of information about security.
Some of the highlights from the course were definitely some of the odd things that Stephen Sims talked about. He discussed an IE6 exploit with IFrames that has since been patched. As strange as it was though, about 10 of the 18 people in the class had machines that were still susceptible to the attack. Not only did he tell us about the exploit and show it in action but he delved into the assembly code that caused this attack to work. It was much deeper than I ever would have imagined a network security class would have taken it. On top of this, we went over just how easy it is to crack WEP security (which I tell people all the time) but also the tools that are required to crack WPA using a brute-force attack.
The scariest thing I realized in this class though was how simple it is for people to get their hands on the tools that are necessary to carry out these attacks. Things like ARP poisoning and using rainbow tables to crack LM Hash passwords are as easy to come by as a MySpace account… Alright, maybe not that easy… I mean some people who don’t read have MySpace accounts and unfortunately, I don’t think these applications are made to be optimized for Text-to-Speech engines. Someone with a few days to read up on these techniques can start cracking WEP keys, sniffing network traffic and taking your personal or business information in a matter of minutes.
I’ll write more on some of the topics that were covered in this course soon. For now, I’ll leave you with one word of advice. While you cannot ever truly protect yourself from all forms of attacks and keep your information safe from all prying eyes, one of the best things you can do for yourself is patch and update. Patch and update everything — from Windows to Mac OSX to Office to Mozilla Firefox, download the updates. I know it can be a pain and take some time but it’ll be worth it.
Oct 12
So I finally sat down yesterday and upgraded our ePolicy architecture to version 4.0 and I couldn’t be happier with the results of the upgrade. Apart from a bit of work backing up the MSDE database on the server, the upgrade went off without a hitch.
ePolicy is a management system for all of McAfee’s products. It combines customization, reporting, and control of machines in one easy-to-use interface. This product can control McAfee’s SiteAdvisor, anti-virus product, compliance software, and more. It even controls some other software vendors’ products. Some of the issues with the older versions of the product included very poor integration with AD and NT domains, a cluttered MMC-controlled interface and very cumbersome reporting tools. All of this has changed with version 4!
A few key additions/fixes in version 4 that make it so great to use are:
- Web enabled interface
Not only did McAfee give us a new beautiful web interface but they completely got rid of the old MMC interface. This means that the software runs faster, allows customized screens and has a snappy user experience.
- Reports and more
McAfee also added a much-needed, updated reporting piece to their software. You can create reports on the fly, link directly to them from other sites, and automate the reports and have them emailed off in a multitude of formats.
- Improved and redesigned AD/NT integration
AD integration was one of the worst pieces of the old software to deal with. It would not remove machines when they were removed from AD, it would not move machines when they moved in AD and it would duplicate machines all the time. This version provides direct integration into AD and provides the options to customize exactly what you need it to do.
The list of great new features and fixes could go on and on but I think I’ll let you decide. Shoot on over to McAfee’s site to take a look at all the great tools that they have. And if you’re working in an organization that doesn’t manage your anti-virus, anti-spyware and compliance software today, make sure you take a look at McAfee’s product.
Oct 10
So I’ve talked about how to start doing a basic security audit for yourself or your company. I think I’d like to answer a few questions that I get about wireless security now. Wireless is both a boon and a bane to the computing and technology world. When I talk about wireless here, I’m referring to wifi, 802.11b/g/n — not cellular wireless.
The best part of wireless is that it’s wireless. I know that sounds like a stupid, useless fact but it’s something to keep in mind while working with this technology. Wireless can be accessed outside of where you think the signal ends. Most people who implement wireless feel that they don’t need to enforce any security because they put the access point in their office or their house so only they can access it. Wireless bleeds out the windows, the doors, and straight through the walls. Someone with a high-gain antenna should have no issue picking up a wireless signal over a mile away as long as they have line of sight.
Second, WEP is not a secure standard. Yes, it looks secure since the key has to be 5 or 13 characters, but it truly is not. Following some simple instructions, which can be found via Google and at SecurityFocus, a person can crack a WEP key in a few minutes. This means that they can have access to your personal or commercial network and take control of your information or worse, take your information. Identity theft is on the rise and there is no better time than now to protect yourself.
There are many great ways to help protect yourself while using wireless. I’ve listed a few below along with some more information about how to implement each one.
- Use WPA or WPA2 instead of WEP
There are many different ways of using WPA or WPA2. TKIP and AES encryption are two of the simplest ways of protecting yourself. Most wireless APs and routers can accomplish this already, and it’s easier to remember a long pass-phrase (such as iLoveToProtectMyWirelessConnection) than it is to think up a 5 or 13 character key as WEP requires.
- Place your access point(s) in strategic places
While you don’t want to place your APs so out of the way that they can’t give you proper signal, you also don’t want to install your APs on the windows of your buildings. There is a restaurant where I live that has their AP directly in the window. This allows me access to their wireless anytime I want. A great tool to check wireless signals is called VisiWave Site Survey. It’s not free but it does produce outstanding reports to see just where your signals go.
- Use a VPN server
While you can always attempt to protect your wireless network, using a VPN server to connect after getting on your wireless will encrypt and save your data from prying eyes even after they have broken into your wifi. Many companies already have VPN servers set up for remote access, so you could use this same server to get from your wireless into your LAN.
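To turn the first tip into something you can check against your own site survey, here is an added example (my own code, not from the post or any vendor tool) that walks a constructed list of access points, flags open and WEP networks, flags WPA/TKIP setups that should move to WPA2 with AES, and checks that WPA pre-shared keys meet the 8 to 63 printable ASCII character rule and are long enough to be worth having. The SSIDs, security labels and passphrases are constructed sample data.

```python
"""Audit a constructed Wi-Fi inventory for the weaknesses described above."""
import re

# WPA/WPA2-Personal passphrases are 8..63 printable ASCII characters (IEEE 802.11i).
PSK_RE = re.compile(r"^[\x20-\x7e]{8,63}$")
MIN_RECOMMENDED_PSK = 20  # assumption: a long, memorable phrase as the post suggests

# Constructed sample inventory: (SSID, security label as a survey tool might report it, PSK or None)
SAMPLE_INVENTORY = [
    ("CafeGuest", "Open", None),
    ("FrontOffice", "WEP-128", None),
    ("Warehouse", "WPA-PSK TKIP", "shortpw1"),
    ("CorpWifi", "WPA2-PSK AES", "iLoveToProtectMyWirelessConnection"),
]


def classify_security(mode: str) -> str:
    """Normalise a scanner's security label to open / wep / wpa / wpa2-tkip / wpa2-aes / unknown."""
    m = mode.strip().upper()
    if m in ("", "NONE", "OPEN"):
        return "open"
    if "WEP" in m:
        return "wep"
    if "WPA2" in m:
        return "wpa2-tkip" if "TKIP" in m else "wpa2-aes"
    if "WPA" in m:
        return "wpa"
    return "unknown"


def audit(inventory):
    """Return (ssid, finding) pairs for every access point that needs attention."""
    findings = []
    for ssid, mode, psk in inventory:
        kind = classify_security(mode)
        if kind in ("open", "wep"):
            findings.append((ssid, f"{kind}: anyone in range can join or recover the key; move to WPA2"))
        elif kind in ("wpa", "wpa2-tkip"):
            findings.append((ssid, f"{kind}: upgrade to WPA2 with AES (CCMP)"))
        if kind not in ("open", "wep", "unknown") and psk is not None:
            if not PSK_RE.match(psk):
                findings.append((ssid, "passphrase must be 8-63 printable ASCII characters"))
            elif len(psk) < MIN_RECOMMENDED_PSK:
                findings.append((ssid, "short passphrase; use a long phrase you can remember"))
    return findings


if __name__ == "__main__":
    for ssid, finding in audit(SAMPLE_INVENTORY):
        print(f"{ssid}: {finding}")
```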
Well, hopefully this has been helpful to you. Let me know what types of ways you use to protect your wireless LANs.
Helpful Informational Links: