Tuesday, December 5, 2006

Security Subject Request - Basic Home Computer Security

Please feel free to post a comment with suggestions on subjects or questions that you would like to see covered in this blog. George Lambidakis, a colleague who does some security consulting, has recommended that the following subjects be addressed. Look for comments and answers on these questions in the next day or two. Thanks George!!!

1. Why do I need a firewall or NAT device? Can someone log into my computer from the Internet?
2. How do I know if my machine has been compromised?
3. When I receive spam, should I "unsubscribe" myself?
4. I have a Mac. Do I need anti-virus software?
5. Why should I change the password of my router once I install it?


Kevin Lueders said...

Hey Greg - how about some pointers on Wireless security? What are the tradeoffs between ease of use/administration versus security?

Greg Abelar said...

Hey Kevin, I’m your new biggest fan. These are the types of questions people need to be asking themselves when setting up home security.

The easiest thing in the world to do when setting up your wireless at home is to take all of the defaults and only use an SSID for security. People tend to think that if they come up with a unique SSID, no one will be able to log on to their network. But the fact of the matter is, most access points by default broadcast the SSID, and modern-day wireless software running on Windows, Linux and Macintosh will list all SSIDs that the wireless antenna detects. Bottom line... SSID is “wireless ease of administration” and it provides “no security whatsoever”. Anybody with a PC can log on to your wireless network and do whatever they want.

From a threat point of view here is a list of the possible impacts.
- Someone gets on your wireless network and they have free open access to any device you have connected to your home network. This means they can install keyboard sniffers, network sniffers or even man-in-the-middle attack software, all of which could steal encrypted usernames, passwords, Social Security Numbers, credit cards etc. Not to mention access your firewall or edge router and modify the configuration to weaken your security posture.
- Another huge threat is if you are using VPN to get to your company. Essentially, if somebody compromises your home network they can potentially have access to your company’s network. Also keep in mind that many companies use VPN in a way that data must go into your company’s network before it goes out to the Internet. This means if your company has a policy that defines “acceptable network use” and this person/hacker/attacker/accidental_tourist does compromise your network and violates that policy by doing something like attacking another network or surfing pornographic web sites, your company will track this activity back to you and you may be in a position where you will have to answer very uncomfortable questions or perhaps even face termination.

I guess this is a long-winded way of saying, don’t take the easy way out when it comes to administering the wireless network in your house. Check with your security vendor and find out the steps you need to take to authenticate only your devices and in addition encrypt your network traffic. Also change your encryption key on a regular basis if your security vendor does not have technology which automates this process.

Just a little more information. If you don’t use encryption on your wireless network, anybody with a wireless sniffer that is within the range of your access point can sniff all data going to and from your wireless network. This is bad enough at home but this is especially dangerous in wireless hotspots. If you have a host VPN, use it in situations where you don’t have control over wireless encryption. Also never turn off your host intrusion prevention, anti-virus or personal firewalls if you are near a public hotspot.

I'm also going to post this question and answer on my "advanced security" blog which is currently under construction.