Is your wireless naked? Last Post.

You can never be too serious about network security whether it is a wired or wireless network. Brian Posey makes a case in his last wireless security article that wired networks can be more vulnerable than secured wireless networks unless some form of network access control is employed.

On a wired network anyone who plugs into a network jack can have access not only to the internet but also open access to your network. With the ready availability of mobile storage devices (flash drives and pocket hard drives) not only is the copying of sensitive data easy but malware can also be introduced into your system. Initially, this seems like a digression regarding our discussion about wireless security but this is really only a different side of the same coin.

The question is: what are you doing to secure your wireless networks? I generally discourage businesses that have high visitor traffic from setting up a wireless network or, if visitors need to have wireless access, I set up a separate non-domain (separate addressing scheme and DHCP server) router/access point. On the other hand, the accountant or compliance auditor expects to plug into your network as a mere sign of courtesy.

In his final post regarding general wireless network security, Brian Posey outlines some basic concerns regarding wired versus wireless security: http://www.windowsnetworking.com/articles_tutorials/Securing-Wireless-Network-Traffic-Part5.html?printversion.


Is Your Wireless Naked? – Continued

Pardon me if I lost momentum during the holiday blitz but I hadn’t forgotten that we are following Brian Posey’s articles on wireless security.

I’ve chosen to follow Brian because he’s a known expert and I want my readers to become familiar with security issues and good technology support sites, but I feel no inclination to repeat Brian’s work and somehow “tweeting” just doesn’t do it. In his December article, Brian’s focus is on the visibility of your wireless access point, SSID broadcasting and MAC address filtering.

I’ve always thought that MAC address filtering was cool but as Brian points out it isn’t always practical. To the point, many SOHO wireless devices will automatically populate attached network adapter device addresses (MAC address) and give you, the user, the opportunity to “lock in” only those addresses. This is a simple process until Cousin Max or your attorney visits and wants to connect his laptop to your network. My suggestion for businesses concerned about security is: set up a second wireless device which distributes a different range of addresses for non-office computers. If this sounds complicated, call me.


Is your wireless still naked? #2

In my last wireless post I mentioned that Brian Posey was writing a series on wireless security and rather than duplicate effort I direct you to his latest blog postings on wireless security. Brian reiterates what we discussed in our article about simple security, i.e., most wireless appliances are configured through your web browser and the default user name and passwords are well known and used by everyone. Changing the default password is a simple security step which many techs either don’t configure or forget to configure. The excuses that access to the access point is infrequent and over time passwords may be forgotten only mean that the network hasn’t been documented. As to default passwords, as Brian covers in his article, the following chart is a case in point.

Common Wireless Device Browser Access Defaults

| Device | Access Address | User-name | Password |
| --- | --- | --- | --- |
| Linksys | http://192.168.1.1/ | “blank” or admin | admin |
| Netgear | http://192.168.0.1 or http://192.168.1 | admin | password or 1234 |
| Trendnet | http://192.168.1.1 | admin | admin |
| DLink | http://192.168.0.1 | admin | “blank” or admin |

Now before you get upset that I’ve given up the farm, just think: are you using the default passwords with your wireless access points? Are you using the default IP address? Did you know that this information is readily available from the manufacturer’s support site? Take a little time, read Brian’s article, and think about it. Are you going to make any changes?
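As an added example (not from the original posts or from Brian Posey’s articles), the script below audits a documented access-point inventory against the defaults in the chart above and checks that guest access points hand out addresses outside the office ranges, as the posts on this page suggest. The inventory format, device names and finding labels are assumptions made for illustration, and the inventory is assumed to come from a protected store such as a password manager export.

```python
import csv
import io
import ipaddress

# Factory defaults copied from the chart above:
# vendor -> (management addresses, user names, passwords).
# "" stands for the chart's "blank" entry. The chart's second Netgear
# address is truncated on the page and is left out.
FACTORY_DEFAULTS = {
    "linksys":  ({"192.168.1.1"}, {"", "admin"}, {"admin"}),
    "netgear":  ({"192.168.0.1"}, {"admin"}, {"password", "1234"}),
    "trendnet": ({"192.168.1.1"}, {"admin"}, {"admin"}),
    "dlink":    ({"192.168.0.1"}, {"admin"}, {"", "admin"}),
}

# Constructed sample inventory (hypothetical devices and column names).
SAMPLE_INVENTORY = """\
name,vendor,role,mgmt_ip,admin_user,admin_password,dhcp_subnet
front-office,Linksys,office,192.168.1.1,admin,admin,192.168.1.0/24
lobby-guest,Netgear,guest,192.168.0.1,admin,S3parate-Guest!,192.168.1.128/25
back-office,DLink,office,10.20.0.1,netops,Long-Unique-Phrase-42,10.20.0.0/24
conference,Trendnet,guest,172.16.50.1,admin,admin,172.16.50.0/24
"""


def audit(inventory_csv):
    """Return (device, finding) pairs for defaults left in place and for
    guest DHCP ranges that overlap an office range."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    office_nets = [ipaddress.ip_network(r["dhcp_subnet"])
                   for r in rows if r["role"] == "office"]
    findings = []
    for r in rows:
        vendor = r["vendor"].strip().lower()
        ips, users, passwords = FACTORY_DEFAULTS.get(vendor, (set(), set(), set()))

        # Both halves of the login are still the published default.
        if r["admin_user"] in users and r["admin_password"] in passwords:
            findings.append((r["name"], "default-credentials"))
        # User name was changed but the password is still a published default.
        elif r["admin_password"] in passwords:
            findings.append((r["name"], "default-password"))

        # Management page still answers on the vendor's default address.
        if r["mgmt_ip"] in ips:
            findings.append((r["name"], "default-mgmt-address"))

        # Guest access points should use a separate addressing scheme.
        if r["role"] == "guest":
            guest_net = ipaddress.ip_network(r["dhcp_subnet"])
            for office in office_nets:
                if guest_net.overlaps(office):
                    findings.append((r["name"], f"guest-range-overlaps-{office}"))
    return findings


if __name__ == "__main__":
    for device, finding in audit(SAMPLE_INVENTORY):
        print(f"{device}: {finding}")
```
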


Is your wireless naked?

Over the years I have always been reluctant to endorse or install wireless networks for clients, but who am I fooling as I sit in my neighborhood coffee shop and begin this post? Wireless networking is a fact of life for all of us, so let’s be clear that the primary issue with wireless networks is always security. Wireless network security has two major points of vulnerability: 1. Laptop vulnerability in open networks and 2. Securing wireless access points (wireless routers).

Whether your workstation is wired or wireless it can always be a target for hackers or malware (viruses, Trojans, worms, etc.). All networks should have a physical/hardware firewall separating the network computers from the Internet. Depending on the level of sophistication, the firewall can not only provide separate private addresses for the local network, thus separating the local network from the internet, but more sophisticated firewalls can also control or limit the type of inbound and outbound traffic. In many coffee shops and open networks there is no access control except network address translation (NAT) to provide private addresses for multiple machines which allows them to access the internet using one internet connection. This is done to accommodate all wireless users that may come in wanting to use the wireless internet. Some “hot spots” require a web interface logon which may require an additional paid access or some kind of acknowledgment (room number or agreement) which may mean that remote access is better controlled with increased security. In addition, some of these locations may limit remote access Virtual Private Networking (VPN) or remote desktop access (RDP) allowing only web based email or Remote Web Workplace connections. In that case, however, the security is increased.

On the other hand, you are at the local neighborhood coffee shop and what do you do?

Install a personal firewall! The following links provide a list of current personal firewalls including several that are free: http://www.firewallguide.com/software.htm#Top_Picks and http://personal-firewall-software-review.toptenreviews.com/. I don’t make any recommendations because other than intrusion defense the various models work differently. Some are configured automatically (my favorite) while others are more technical; if you don’t know what SMB or ICMP means, work with the more easily managed applications.

As stated earlier, I believe all sites whether office or home should always have a physical firewall in place and wireless routers can also serve that purpose. Note that the range can be varied both in function and cost; recently one of the professional magazines to which I subscribe gave a list of 5 quality WLAN (Wireless Local Area Network) adapters: http://www.channelpro-digital.com/channelpro/201009?folio=20#pg22. Take time to do a little research about the appliance you want to buy; besides being rated for bandwidth speed, I recommend that the appliance have a web interface that you can understand and if you are using virtual private networking to access a site make sure that its firewall is configurable and that it allows VPN pass through. When I encounter a router that I’m not familiar with, I go to the manufacturer site and look at the user manual and view not only technical specs but also how to configure the router for my clients.

Finding the right wireless adapter/access point is only part of the issue when setting up a wireless network. Almost all of the consumer grade products come ready to go: just plug it in and you can reach the internet. Although this can make life simple, an open network is an invitation to trouble; therefore the next step is to configure encrypted wireless access. Did you look at how to configure wireless security when you reviewed the user manual? Use WPA (Wi-Fi Protected Access) encrypted security. We aren’t a how-to site but take a look at Brian Posey’s evolving discussion regarding Wi-Fi vulnerabilities and how to secure your home or office network: http://www.windowsnetworking.com/articles_tutorials/Securing-Wireless-Network-Traffic-Part1.html. Wireless networks are a fact of all of our lives but there are risks; please play heads up ball.


Simple Security

Last month, shortly after finishing a telephone call with my friend “Lucy” I got an email from her saying that she was stranded in London, her suit cases and passport had been stolen and although she had found refuge at the US consulate she needed some money to tide her over until problems could be resolved there. I know spam when I see it so I deleted the message.

Later that day I got a panicked call from Lucy relating how her Hotmail account had been hacked, her account password had been changed, and the problems she encountered with Hotmail trying to regain control of her account to change her password and eventually delete the account. Lucy uses this account as one of her business email accounts and she was much chagrined when a spam/solicitation email was sent to all of the addresses in her email address book. Besides the embarrassment, Lucy had to contact all of the people on her list to explain and apologize for some criminal’s actions.

I tell this story not to point a finger at Lucy but to illustrate that crooks and thieves use any method possible to gain control of your personal information through hacking, viruses, spam, and other malware. My message is to be careful. I’m often angered when I talk with clients who don’t get that point. Although nothing is foolproof, may I make the following suggestions?

  1. Change your user passwords several times a year (ideally change passwords every 90 days). More often than I’d like I’m confronted by a client who finds that passwords are too much of an inconvenience. Even if you only have one computer at least put a password on it to keep the kids out.
  2. Not using your computer? Log out or shut it down. Before we became so environmentally conscious it was customary to always leave business computers on to allow for operating system updates and remote access but in today’s world if you aren’t going to remote into your workstation over the weekend shut it down. If you are going to use the machine at least log out to break the direct link to the server and your user profile.
  3. When was the last time you updated and ran your antivirus or antimalware software? Yes I know that these applications are automated but other than just a maintenance check are they running properly?
  4. Do you have a personal software firewall installed on your computer? Many of us laptop users are at home sitting at the neighborhood coffee shop. Although the major coffee vendors include some sort of authentication and have monitored systems, most local coffee houses do not, which gives rise to a concern for added hacking security. Most major personal antivirus and personal firewall vendors now offer Internet security products which include anti-virus, anti-spam, and firewall protection. I like the additional firewall protection but it requires that you learn how to use it so as not to block your favorite programs. I’ll discuss this more next month.

With the convenience of the Internet comes added responsibility; quite often the most secure thing you can do is turn off your computer or change your passwords every several months.


Corey’s Corner | Avoiding Scammers

Usually I write about getting your website up and running. I’m going to take a little detour this time around and talk about a persistent and seemingly never ending problem that plagues businesses and private residences alike: scammers/spammers.

We’ve all gotten the gibberish emails, the “male enhancement”, Russian dating and Nigerian prince emails. We all know they’re spam and opening them or downloading a file from them can spell our computer or network’s doom. Did you know, however, about Tab Nabbing? I sure didn’t. Apparently, the new way scammers get your information is by opening a new tab with a dummy site loaded in it mimicking Amazon.com or your bank website. The goal is to trick you into putting your information into the fake site and giving the scammers your password. With that in hand, they can drain your account, buy expensive items, or, in the case of Facebook and your email, send distressed emails to the people in your address book asking for money to get you out of a jam.

With new scams being born every minute in cyberspace, it’s hard to keep up with all the possible dangers. Just this last weekend, I received an email telling me that one of my friends on Facebook recommended a page. I clicked on the link and thankfully nothing happened. I heard later that day from that same friend letting me know that his account had been hacked, and that any emails from him via Facebook should be ignored. (I of course immediately changed my password and kept vigilant for any unusual activity on my account for the next week or so.) With all these new dangers being born any moment, what can we do to keep our information safe?

Two excellent tips are offered by scambusters.org. First, always pay attention to the icons in your browser. For secure sites such as bank sites, Amazon.com, etc., the padlock, located on the lower right side for many browsers, should be lit up. Also, the URL should look like it normally does (i.e., Amazon.com/a long string of characters that allow you to log in). If the URL doesn’t look right, or you are suspicious, re-enter the URL. If you’re super paranoid, like me, you can also search for the company using Google or Bing. Search engines are usually pretty good at not recognizing dummy URLs, and Google especially is harsh on scammers when it can. So when in doubt, simply close the tab and try to get to the site in another way. Another excellent resource is snopes.com. You can search urban legends, chain letters and many other possibly shady things using their database of information. They also usually have fairly up to date information on new scams.

While it’s hard to keep on top of keeping your information safe in cyberspace, vigilance is key. While the internet can seem like an endless playground of information, toys and entertainment, you can never let yourself forget that there are people out there that will take your information and use it for nefarious purposes if they can get a hold of it. Pay attention, close tabs when you aren’t using them, and you should be all right.


Has your antivirus subscription expired?

Security for computer networks comes in many forms. Often the most troublesome and frequently encountered are malware infections (viruses, worms, Trojans, spyware, etc.). Unfortunately, during my initial meetings with prospective clients I still find workstations with expired antivirus software or no protection at all. Malware, like hard drive failures, can make workstations inoperable but all data can also be lost. Many techs will only work so long on resolving infections before they suggest reformatting the hard drive and reinstalling the operating system. Maybe they are just giving up but if you are being paid by the hour, it is the better part of valor to start from scratch rather than keep charging your customer for a service when you don’t have or know the solution. On the other hand, there are technology firms that focus solely on virus eradication (at all costs) and data recovery, but be prepared to pay the price if you absolutely need your workstation and data intact. This might be a time to lecture about hard drive backups or imaging but that is not a good method for establishing a good working relationship.

In this day and age of growing security needs, the list of old and new malware removal companies is never ending so there is never a reason for a person to be without virus protection. Professionally, I don’t recommend free antivirus solutions (I don’t scold my mother-in-law for using AVG Free Edition) because most free versions of software offer no support or are only limited (restricted) versions. The most popular free antivirus programs are AVG Free Edition, Comodo Internet Security, and Avast Free AntiVirus. One exception to the premise, that free software provides no support or is a restricted version of the paid client, is Microsoft’s Security Essentials, http://www.microsoft.com/security_essentials/. Microsoft offers this antivirus client for standalone computers with support and the promise of offering a good stable product; if you are looking for an antivirus client this might be worth a try. If you are looking for these and other free or trial antivirus and other downloadable utilities, I suggest becoming familiar with CNET’s Download.com which offers a vast array of spyware free/trial utilities to try. In addition, CNET offers several good spyware removal tools including: Malwarebytes Anti-Malware, Spybot Search & Destroy, Ad-Aware Free Anti-Malware, and SuperAntispyware Free Edition.

Last note: Often, I’m asked to define the difference between viruses, spyware, Trojans, and other malware. I don’t always make a true distinction between the various types of malware other than, “Do I have a tool to remove it quickly to minimize client down time?” Sophos has published a paper, “A to Z of Computer Security Threats”, which gives a good definition of the various malware types which you may find interesting. For your convenience, we have posted the PDF file on our SkyDrive site for you to download. In addition, I’ve also included Trend Micro’s white paper on understanding and protecting against Fake (hoax) Antivirus infections.


Security: When was the last time you updated your software?

As SMB network system administrators we tend to focus on client “pain points”, i.e., “When did you realize that you needed help?” Was it when your hard drive failed and all data was lost? Did a workstation become infected with a virus or malware which prevented your staff from using the Internet? Or maybe you couldn’t get the computers in your office to talk to each other. We promote network maintenance because it is the best approach to avoid many common small business pain points. We try seriously to talk business owners out of the “break fix” mode of thinking about their networks because in the long run it is more costly and is not an economical means for planning for the future. Besides, if I have to brow-beat clients about the most critical backbone of their business, neither of us is a winner. Trying to get by on the cheap is just another quick sale, which is not the basis for a lasting relationship. I want to be the trusted adviser for the technical issues related to your business network. For me trust is the first step in developing a secure computer network.

The next step for maintaining a secure network is keeping the operating system and all installed software up to date. Yes, even Macs need to get updated periodically. I know this sounds like a simple no brainer, especially since both Windows and Macs can update critical security patches automatically. Do you know how to manually update your operating system? I periodically manually update workstations (and always manually update servers) because there are always other types of updates available besides security updates; specifically, hardware drivers or additional product functionality can be included in basic system updates. Most of us have several other programs installed on our workstations, including web browsers (Firefox, Chrome, Safari, Opera, etc.); image/photo editing software (Photoshop, Fireworks, Gimp, Pixelmator, etc.); accounting software (such as QuickBooks, Quicken, PeachTree, etc.); database software (FileMaker and Access); customer/donor management software (Maximizer, ACT, Goldmine, and Microsoft CRM); and of course antivirus software (Norton, TrendMicro, McAfee, Sophos, Panda, etc.) that are useless if not weekly updated and renewed. Most of today’s software has some form of automated process for updates (either periodic updating or user notice to complete update); you should make yourself familiar with this process for all of your critical software. I was recently made aware of an Adobe Flash security flaw, http://news.cnet.com/8301-1009_3-20006893-83.html and http://www.adobe.com/support/security/advisories/apsa10-01.html: the primary issue about this update is that it affects all major operating systems, Windows, Mac, and Linux. How many times have you blown off that annoying Adobe Flash update notice? To me this drives home the point that we are all vulnerable to some degree. I don’t expect you to become a security expert but timely updating can help increase the security of your workstation and network.


Facebook’s In Trouble Again!

In case anyone missed the fact the Senate was concerned over some of Facebook’s new changes such as “instant personalization”, Tech Crunch has an excellent article detailing the Senate’s concerns as well as providing the original letter to Facebook and Facebook’s reply:

Tech Crunch on Facebook vs The US Senate


Recognize and avoid fraudulent e-mail to Microsoft customers

Below is a message included in the latest Microsoft security bulletin:

If you receive an e-mail message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious Web sites. Microsoft does
not distribute security updates via e-mail.

To receive automatic notifications whenever Microsoft Security
Bulletins and Microsoft Security Advisories are issued or revised,
subscribe to Microsoft Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Please make sure all of your staff is aware of this matter.
