Showing posts with label Network.

How to Secure a Wireless Network

Wireless networks are extremely convenient, but that convenience comes at a price: security. With a traditional wired network, data is channeled through cables and cannot be easily intercepted. With a wireless network, data is beamed through the sky and can be more easily intercepted – unless, that is, you have appropriate security measures in place. This article explains how to secure a wireless network against attack.

Before outlining the steps you should take to secure a wireless network, let’s quickly look at a couple of things that you probably don’t want to do: namely, disabling SSID broadcasting and enabling MAC filtering. The SSID is the name of your wireless network, and it is broadcast so that people can easily find and connect to your network. Numerous Websites – in fact, just about every Website – recommend disabling SSID broadcasting (if the bad guys can find it they can hack it, right?) and enabling MAC filtering. However, MAC filtering is so easily bypassed as to render it almost completely redundant. With regard to SSID broadcasting, you can read more about this here.

So, if you shouldn’t disable your SSID broadcast, what should you do? Read on!

1. Use encryption. To stop outsiders being able to read the data that is transmitted over your wireless network, the data should be encrypted. There are 3 wireless encryption standards: WEP, WPA and WPA2. WEP is the oldest and most easily cracked standard, so ideally you should use WPA or, better yet, WPA2.

2. Change the default account names and passwords. The majority of access points (APs) use default account names/passwords set by the manufacturer that are known to one and all. Change them to something unique.

3. Segment your network. Even when best practice is adhered to, a wireless network will be less secure than a wired network. Segmentation creates a barrier between the physical network and wireless network – by using a firewall, for example - and enables you to control access/communication between them. Unfortunately, this can be a somewhat complex job and, unless you have a fair amount of in-house expertise, you’ll probably need to retain the services of a consultant.

4. Authenticate users. RADIUS provides you with far more control over access to the WLAN. For more information, visit Microsoft's overview on securing wireless LANs with certificate services and the FreeRADIUS Project.

5. Update your firmware. The manufacturers of AP devices often release firmware updates to fix bugs and security vulnerabilities. So, keep your firmware updated.

Security is only as strong as its weakest link. All too often, the wireless network is the weakest link. In simple environments, the network can probably be DIY’d; however, security matters do become more challenging in complex environments, and in such cases the best advice may well be to leverage the expertise of a consultant.

One final bit of advice: the value of securing your own wireless network will be eroded if your data is bounced in unencrypted form over other networks. Educate your users and make sure that they are aware of the risks associated with connecting to an insecure network.


Stay safe on a public wireless network

A few precautions to take when using wireless hotspots, to ensure that your computer’s security doesn’t land in a spot. Like everything technological, wireless hotspots are a boon and a bane. While they ensure quick and easy Internet access, they also pose big risks for your laptop.

First, communication over most public wireless networks is unencrypted, so anyone on the same network can use some tools to read the data you transfer, unless you’re communicating with your office via VPN (Virtual Private Network), which ensures a secure, encrypted channel even over the public network.

Second, rogue attacks are very easily executed on the public wireless network. One of these is the ‘evil twin’ attack. In this case, the attacker uses a laptop or other mobile device to place a wireless access point (WAP) close to your computer, one that gives a more powerful signal than the access point you intend to connect to. The name of such a ‘rogue’ network would probably be a known name, such as Linksys, so that you wouldn’t be suspicious about connecting. Once you do connect, all your data will flow through the attacker’s laptop to the Internet.

The third big risk is ‘over the shoulder’. Say you’re checking email or shopping online at a crowded café or hotel lounge. There are chances of someone peeking at your usernames, passwords, and credit-card details as you enter them.

Here are a few ways in which you can guard against these risks.

• Take care while browsing
Public hotspots are definitely much less secure than your office networks. So try to avoid using them for transactions that require high levels of security, such as online banking or shopping. Reserve these for when you’re in a more secure environment.

• Use secure means
As far as possible, use VPNs for secure communication. Access email via Secure Sockets Layer (SSL) sessions; many email providers support these. You could also avoid going to websites that require you to send sensitive information in clear-text, unencrypted format.

• Avoid evil twin attacks
To guard yourself against an evil twin attack while you’re trying to connect to a public network, carefully observe the icons on the screen that shows available network connections. If any icon shows two computers connected together, it’s a peer-to-peer network, something that’s used in evil twin attacks. Do not connect to such a network—the legitimate network would have the icon of a light beacon, and if it supports encryption, you will also see a padlock icon next to it. Prefer to connect to such an access point.

You can also tweak your Windows settings to avoid evil twin attacks. From the Wireless Networks panel, you can disable automatic connections; you can also configure your machine to “Connect to access point (infrastructure) networks only”. You could also give your home network a distinct name that cannot be confused with the names of other networks, so that there is less possibility of connecting to an ‘evil twin’ from home.

• Turn off all sharing
Your laptop may be configured for file and printer sharing. You should turn that off when you’re using a public hotspot. If you use share programs such as iTunes or have other shared directories on your laptop, you should turn those off too, unless you want to share your music and other preferences with a lot of strangers.

• Remember the basics
As always, the last line of defense is on your machine—a personal firewall and anti-virus and anti-spyware software are crucial. You should also have applied all the latest security patches to update
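
The evil-twin checks from the list above (peer-to-peer networks, a missing padlock, a familiar name with a stronger signal) can also be applied to a list of scan results. This is an added example, not part of the original post; the record layout, the sample scan and the list of default names are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

# One row per access point seen in a scan. Field names are this example's own.
AP = namedtuple("AP", "ssid bssid mode encrypted signal_dbm")

# Constructed sample scan results (not captured from a real network).
SAMPLE_SCAN = [
    AP("CoffeeShop-Guest", "00:11:22:33:44:01", "infrastructure", True, -62),
    AP("CoffeeShop-Guest", "02:aa:bb:cc:dd:01", "adhoc", False, -38),
    AP("linksys", "00:11:22:33:44:02", "infrastructure", False, -70),
    AP("HotelLobby", "00:11:22:33:44:03", "infrastructure", True, -55),
    AP("HotelLobby", "00:11:22:33:44:04", "infrastructure", True, -67),
]

# Factory-default names; an illustrative list, extend it as needed.
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink"}


def triage(scan):
    """Return {ssid: [reasons]} for names a client should not join automatically."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap.ssid].append(ap)

    findings = {}
    for ssid, aps in by_ssid.items():
        reasons = []
        # Peer-to-peer (ad hoc) entries are the "two computers" icon in the text.
        if any(ap.mode == "adhoc" for ap in aps):
            reasons.append("advertised as a peer-to-peer (ad hoc) network")
        # A legitimate encrypted network has no reason to appear unencrypted too.
        if len({ap.encrypted for ap in aps}) > 1:
            reasons.append("same name seen both with and without encryption")
        # The text notes that the imitation usually has the stronger signal.
        protected = [ap for ap in aps
                     if ap.encrypted and ap.mode == "infrastructure"]
        strongest = max(aps, key=lambda ap: ap.signal_dbm)
        if protected and strongest not in protected:
            reasons.append("strongest signal is not the encrypted access point")
        if ssid.lower() in DEFAULT_SSIDS:
            reasons.append("factory-default name that is easy to imitate")
        if reasons:
            findings[ssid] = reasons
    return findings


if __name__ == "__main__":
    for ssid, reasons in triage(SAMPLE_SCAN).items():
        print(ssid, "->", "; ".join(reasons))
```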

How to Fix External Drive Connection Problem in Windows Vista

By default, Windows Vista permits only NTLMv2 authentication on a network, for security reasons. Certain external drives are incompatible with this authentication type. To fix this problem, LM and NTLM authentication need to be enabled. Here is the method:
  1. Click the Start button.
  2. Select the command/search field and type secpol.msc. The Local Security Policy utility will open.
  3. In the left menu, select Local Policies \ Security Options.
  4. In the right pane, scroll down to find Network security: LAN Manager authentication level. Double-click on it.
  5. On the Local Security Setting tab there will be a drop-down menu with several options. Select “Send LM & NTLM – use NTLMv2 session security if negotiated.”
  6. Some dialogs will appear. Accept them all.
  7. The computer will restart.
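
The policy changed in step 5 is stored in the registry value LmCompatibilityLevel, and the option selected there corresponds to level 1, which lets the machine send the older LM and NTLM responses again. The following added example (not part of the original post) reads the output of `reg query` for that value and reports which response types the current level sends; the two sample outputs are constructed.

```python
import re

# The policy "Network security: LAN Manager authentication level" is stored as
# LmCompatibilityLevel under HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
# Each level maps to one option of the drop-down menu from step 5.
LEVELS = {
    0: ("Send LM & NTLM responses", ("LM", "NTLM")),
    1: ("Send LM & NTLM - use NTLMv2 session security if negotiated",
        ("LM", "NTLM")),
    2: ("Send NTLM response only", ("NTLM",)),
    3: ("Send NTLMv2 response only", ("NTLMv2",)),
    4: ("Send NTLMv2 response only. Refuse LM", ("NTLMv2",)),
    5: ("Send NTLMv2 response only. Refuse LM & NTLM", ("NTLMv2",)),
}

# Constructed `reg query` output for a machine after the change above.
SAMPLE_AFTER_CHANGE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    LmCompatibilityLevel    REG_DWORD    0x1
"""

# Constructed `reg query` output for a machine that only sends NTLMv2.
SAMPLE_NTLMV2_ONLY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    LmCompatibilityLevel    REG_DWORD    0x3
"""

VALUE_RE = re.compile(r"LmCompatibilityLevel\s+REG_DWORD\s+0x([0-9a-fA-F]+)")


def assess(reg_query_output):
    """Classify the LAN Manager authentication level found in `reg query` output."""
    match = VALUE_RE.search(reg_query_output)
    if match is None:
        # Value not present: the operating system default applies.
        return {"level": None, "policy": "not configured",
                "sends": (), "weak": None}
    level = int(match.group(1), 16)
    if level not in LEVELS:
        return {"level": level, "policy": "unknown value",
                "sends": (), "weak": True}
    policy, sends = LEVELS[level]
    # LM and NTLM (version 1) responses are the legacy ones; flag any level
    # that still sends them.
    weak = "LM" in sends or "NTLM" in sends
    return {"level": level, "policy": policy, "sends": sends, "weak": weak}


if __name__ == "__main__":
    for name, sample in (("after change", SAMPLE_AFTER_CHANGE),
                         ("NTLMv2 only", SAMPLE_NTLMV2_ONLY)):
        print(name, assess(sample))
```

Running it against machines that received this fix shows which ones are still at level 1 after the external drive has been replaced or updated.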

Securing shared folders in Windows NT, 2000 & XP

It is good practice to secure any folders that you share for access over the network. It is a simple process and helps prevent the spread of viruses and minimises the risk of such shares being abused.

By default when you create a shared folder the group 'Everyone' is given permission to access that folder. This is very insecure as the Everyone group means exactly that - anyone who can access the network has permission to see what is in your shared folder, can edit the material you have stored there and can save anything that they like to it.

You may believe that, because people do not know it exists, they will not find your shared folder, but this is not true. There are simple tools available for identifying network shared folders, and many viruses now search for shared folders and then attempt to use the folders they find to duplicate themselves. However, by following the information below you can secure your shared folders.

Under Windows 95 /98 the sharing process is different - all users have to be specifically added i.e. the Everyone group is not added by default, so the same risk does not occur. However we would recommend that access to shares is limited to only those people or groups who specifically require it.

To secure a shared folder:

1. Before you start, decide who will need access to the shared folder that you have created. Access can be given either to individual users by login name, or to groups of users - these are the same as those available in Outlook, however you can only use centrally defined groups. So you can choose to have either a number of specified colleagues or a relevant group, e.g. your departmental staff group, or a combination of both. We would advise the use of groups where possible, as this leads to easier management, and that access should be kept to the minimum required, to reduce risks.
2. Open Windows Explorer or My Computer and locate the folder you wish to secure. Shared folders can be identified by the hand underneath them - in this example the Utilities folder.
3. Right-click on the folder and select the 'Sharing' or 'Sharing and Security' option from the list provided.
4. You will now see a dialogue box similar to the one below (they vary with operating system), giving information about the shared folder. Click on the 'Permissions' button.

   NB. If you have not shared the folder before, you will need to click on the 'Share this folder' radio button and then select a share name for the folder - by default this is the same as its local name. By adding a $ sign after the name (e.g. Utilities$) the folder will not be openly visible on the network.
5. A new window (Share Permissions) lists the users or groups of users who can access the share you have created; by default this is the Everyone group.
6. Click on the Add button and in the lower window type the names of the users / groups that you wish to limit access to, separated by a semi-colon. If you are not sure of the names you can use the upper window to browse for them; check that the 'Look in' box is set to essex or Entire Network first.

   In this case we are going to grant access to Computing Service Staff (serstaff) and Keith Brooke (kbrooke).
7. Click on OK.
8. The Share Permissions window now contains the added users. You can now use the lower portion of this window to modify what the people you have granted access to are able to do.

   In this case I want to only allow Keith to read the material in the folder, so having selected Keith in the top portion I confirm that only the Read box is checked in the lower portion. I also want to limit Service staff to being able to modify material (they cannot create new material or delete existing material), so again I select them in the top portion and now ensure that the Change and Read boxes are checked.

   Please note that the boxes offered in the lower portion of the window may be different with your operating system but they can be used in the same way.
9. Finally, you need to remove the Everyone group. Select it and then click the Remove button.

Access to the share is now restricted.

CCNP: Routing Study Guide


Exam 640-503 By Todd Lammle 
 | 608 Pages | PDF | 8 MB


Get ready for your future today! Cisco's new Routing exam is a requirement for both the Cisco Certified Network Professional (CCNP) and Cisco Certified Design Professional (CCDP) programs. With full coverage of all exam objectives, you'll learn techniques and strategies for building scalable Cisco networks. The CD contains a testing engine, electronic flashcards for PCs and Palm devices, and valuable networking tools and utilities.



Monitoring and Managing Microsoft Exchange Server 2003


 586 pages | CHM | 19 Mb

This authoritative book teaches IT professionals responsible for Exchange messaging systems how to efficiently manage the program's many and complex system capabilities and features. Once you've designed and implemented a messaging system, the bulk of the day-to-day work involves monitoring to ensure an optimum traffic flow, accomplished by continuously reviewing and fine-tuning dozens of system specifications and components. Monitoring and Managing Microsoft Exchange 2003 teaches readers proven and innovative techniques, tools, and procedures for managing and optimizing systems of all sizes and types built on Exchange 2003. Based on the author's own twenty years of messaging system experience and the collective experience of HP, the leading implementer of Exchange Server systems, this book will be a leading resource for Exchange administrators and designers.

*Provides best practices and innovative everyday techniques for managing the enterprise Exchange environment
*Teaches readers proven procedures for managing and optimizing systems of all sizes and types
*Based on the author's own twenty years of messaging system experience


Learning Exchange Server 2003


 CHM |440p | 8.88 MB

This is your start-to-finish guide to getting Microsoft Exchange Server 2003 into production, then maximizing its reliability, performance, and business value. Bill Boswell writes for working administrators whose responsibilities now include Exchange Server 2003. He addresses every facet of Exchange from architecture to address lists, answering three key questions: How does it work? How do I get the most out of it? How do I fix it if it breaks?


Network Security: A Beginner's Guide


 400 pages |  PDF | 10.7 MB

All companies rely on some security mechanisms to ensure their corporate privacy and information integrity. In many cases, the ability of the technician to explain a system's vulnerabilities to managers in order to acquire funding is as important as the technical skills to build the system. This book addresses a wide range of topics, from security basics to policies, practices, and practical solutions. Though intended for network administrators, this also acts as a good primer on security concepts for the lay computer user. A rock-solid resource for all libraries.


Basic Networking Commands in Unix

I would like to discuss the basic Unix commands useful for networking:
Network interface commands:
  • ifconfig -a -- Show all interfaces
  • ifconfig <interface name> -- Shows the configuration (like IP, MAC, subnet, IPv6) of a particular interface
  • ifconfig <interface name> <params> -- Set parameters of the interface (root only). You can set various parameters like IP address and subnet.
  • ifconfig <interface name> <params> <up/down> -- Set that particular interface up (activated) or down (deactivated)
Connectivity:
  • ping <host> -- Sends an ICMP echo message (one packet) to a host. This may go on continually until you hit Control-C. A successful ping means a packet was sent from your machine via ICMP and echoed at the IP level. ping tells you if the other host is up.
  • telnet <host> <port> -- Talk to the host at the given port number. By default, the telnet port is port 23. A few other well-known ports are:
    7 – echo port, use control-] to get out
    25 – SMTP, use to send mail
    79 – Finger, provides information on other users of the network
Arp:
  • arp -a -- Print the arp table. Arp is used to translate IP addresses into Ethernet addresses. Root can add and delete arp entries. Deleting them can be useful if an arp entry is malformed or just wrong. Arp entries explicitly added by root are permanent; they can also be by proxy. The arp table is stored in the kernel and manipulated dynamically. Arp entries are cached, time out, and are normally deleted after 20 minutes.
Routing:
  • netstat -r -- Print routing tables. The routing tables are stored in the kernel and used by ip to route packets to non-local networks.
  • route add <IP/SubNet> <GateWay> -- The route command is used for setting a static (non-dynamic, set by hand) route path in the route tables. All the traffic from this PC to that IP/SubNet will go through the given gateway IP. It can also be used for setting a default route, i.e. send all packets to a particular gateway, by using 0.0.0.0 in place of IP/SubNet.
  • routed -- The BSD daemon that does dynamic routing. Started at boot. This runs the RIP routing protocol. ROOT ONLY. You won’t be able to run this without root access.
  • gated -- Gated is an alternative routing daemon to RIP. It uses the OSPF, EGP, and RIP protocols in one place. ROOT ONLY.
  • traceroute <host> -- Useful for tracing the route of IP packets. The packet causes messages to be sent back from all gateways in between the source and destination by increasing the number of hops by 1 each time.
Others:
  • nslookup <host> -- Makes queries to the DNS server to translate an IP to a name, or vice versa, e.g. nslookup facebook.com will give you the IP of facebook.com
  • ftp <host> -- Transfer files to host. Often can use login=“anonymous”, p/w=“guest”
  • rlogin <host> -l <login> -- Logs into the host with a virtual terminal like telnet
Important Files:
  • /etc/hosts -- names to ip addresses
  • /etc/networks -- network names to ip addresses
  • /etc/protocols -- protocol names to protocol numbers
  • /etc/services -- tcp/udp service names to port numbers
Courtesy: Prof. Andrej Duda, Wikipedia, math.uaa.alaska.edu

Useful basic commands for Networking


ifconfig <interface> <address> [up]
ifconfig <interface> [down|delete]
ethereal -- to launch ethereal
tcpdump -i <interface> -- tool to capture and analyze packets
netstat -w [seconds] -I [interface] -- display network settings and statistics
udpmt -p [port] -s [bytes] target_host -- it creates UDP traffic
udptarget -p [port] -- it’s able to receive UDP traffic
tcpmt -p [port] -s [bytes] target_host -- it creates TCP traffic
tcptarget -p [port] -- it’s able to receive TCP traffic

ARP, switching and VLANs
arp -a -- it shows the current ARP table
arp -s <ip_address> <mac_address> -- to add an entry in the table
arp -a -d -- to delete all the entries in the ARP table
telnet 192.168.0.254 -- to access the switch from a host in its subnetwork
sh ru or show running-configuration -- to see the current configurations
configure terminal -- to enter configuration mode
exit -- in order to go to the lower configuration mode
vlan n -- it creates a VLAN with ID n
no vlan N -- it deletes the VLAN with ID N
untagged Y -- it adds the port Y to the VLAN N
ifconfig vlan0 create -- it creates the vlan0 interface
ifconfig vlan0 vlan ID vlandev em0 -- it associates the vlan0 interface on top of em0, and sets the tags to ID
ifconfig vlan0 <address> [up] -- to turn on the virtual interface
tagged Y -- it adds to the port Y the support of tagged frames for the current VLAN

Routing
netstat -rnf inet -- it displays the routing tables of IPv4
sysctl net.inet.ip.forwarding=1 -- to enable packet forwarding (to turn a host into a router)
route add|delete [-net|-host] <destination> <gateway> -- to add a route (ex. route add 192.168.20.0/24 192.168.30.4)
route flush -- it removes all the routes
route add -net 0.0.0.0 192.168.10.2 -- to add a default route
routed -Pripv2 -Pno_rdisc -d [-s|-q] -- to execute the routed daemon with the RIPv2 protocol, without ICMP auto-discovery, in foreground, in supply or in quiet mode
route add 224.0.0.0/4 127.0.0.1 -- it defines the route used from RIPv2
rtquery -n -- to query the RIP daemon on a specific host (manually update the routing table)

UDP/TCP
socklab udp -- it executes socklab with the udp protocol
sock -- it creates a udp socket, it’s equivalent to typing sock udp and bind
sendto <Socket ID> <hostname> <port #> -- emission of data packets
recvfrom <Socket ID> <byte #> -- it receives data from the socket
socklab tcp -- it executes socklab with the tcp protocol
passive -- it creates a socket in passive mode, it’s equivalent to sock tcp, bind, listen
accept -- it accepts an incoming connection (it can be done before or after creating the incoming connection)
active -- it creates a socket in active mode
connect <hostname> <port #> -- these two commands are equivalent to sock tcp, bind, connect
close -- it closes the connection
read <byte #> -- to read bytes on the socket
write (ex. write ciao, ex. write #10) -- to write “ciao” or to write 10 bytes on the socket

NAT/Firewall
ipnat -f file_name -- it writes filtering rules into file_name
ipnat -l -- it gives the list of active rules
ipnat -C -F -- it re-initializes the rules table
map em0 192.168.1.0/24 -> 195.221.227.57/32 portmap tcp/udp 20000:50000
ipf -f file_name -- it writes filtering rules into file_name
ipf -F -a -- it resets the rule table
ipmon log_file in proto icmp all -- it displays the specified traffic
ipfstat -I -- it grants access to some information on filtered packets, as well as active filtering rules
[block/pass] [in/out] proto [icmp/tcp/udp] from [any/192.168.0.1/24] port=22 to [any/192.168.1.1/24] port=80
If You want a pdf version: basic unix networking commands
Courtesy: Jianning Zhang

How to use netstat : A Unix networking command

This command displays the contents of the different data structures linked to the station's network configuration. Here we will only talk about two ways to use netstat, but there is much other information that we can get (socket status, routing table, multicast).
Network interface statistics: Use the option -I (interface) and specify the name of the interface to observe (em0 for instance), and the option -w 1 to display a report every second. If you do not specify this last option, netstat will give only one report, in a different style. We can also specify the option -d.
These reports include the following information:
(fxp0): the network interface name;
packets: the received/transmitted packets with no errors;
errs: the received/transmitted packets with errors;
bytes: the number of received/transmitted bytes;
colls: the number of collisions;
drops: the number of dropped packets (with -d).
For instance:
# netstat -w 1 -I fxp0 -d
will display a report of the fxp0 interface every second. We get:
Routing table display: Specify the -r option (routing table). It can also be useful to specify the -n option and -f inet, to disable name resolution and list only IPv4 information (use inet6 to display the IPv6 table).
Meaning of the various fields (for a thorough explanation, use man):
Destination: the destination network or host address;
Gateway: the router address, the local link or the remote interface address on the link;
Flags:
U: Indicates route is “up”;
G: Route is to a gateway;
S: Static route (manual addition);
H: Route is to a host and not a network;
D: Route was created dynamically by a redirect;
Refs: The ref field gives the current number of active uses of the route;
Use: The use field provides a count of the number of packets sent using that route;
Netif: The interface entry indicates the network interface utilized for the route;
Expire: The Expire entry is the result of FreeBSD’s unfortunate co-mingling of network layer routing information with layer 2 ARP information. The only entries with “Expire” values are actually ARP entries.
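
The field descriptions above can be turned into a small routing-table review: decode the flags of each entry and pick out the routes that were created by a redirect rather than by the administrator, plus the entries that are really ARP entries. This is an added example, not part of the original post; the sample table is constructed, and flag letters not described above are only listed, not interpreted.

```python
# Flags described in the text above; any other letter is kept under "other".
FLAGS = {
    "U": "up",
    "G": "via gateway",
    "S": "static",
    "H": "host route",
    "D": "created by a redirect",
}

# Constructed sample of `netstat -rn -f inet` output (FreeBSD-style columns).
SAMPLE = """\
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.10.2       UGS         0     1452    em0
127.0.0.1          link#3             UH          0      210    lo0
192.168.10.0/24    link#1             U           0      873    em0
192.168.10.2       00:11:22:33:44:55  UHLW        1       12    em0   1187
192.168.20.0/24    192.168.30.4       UGS         0       40    em1
10.9.8.7           192.168.10.66      UGHD        0        3    em0
"""


def parse_routes(text):
    """Turn the table into a list of dicts keyed by the header names."""
    routes, header = [], None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Destination":
            header = fields
            continue
        if header is None or len(fields) < 3:
            continue  # preamble such as "Routing tables" or "Internet:"
        # zip() stops at the shorter list, so "Expire" is absent when empty.
        row = dict(zip(header, fields))
        row["decoded"] = [FLAGS[f] for f in row["Flags"] if f in FLAGS]
        row["other"] = [f for f in row["Flags"] if f not in FLAGS]
        routes.append(row)
    return routes


def review(routes):
    """Pick out the entries an administrator would want to look at first."""
    return {
        "default_gateways": [r["Gateway"] for r in routes
                             if r["Destination"] == "default"],
        # D: installed by a redirect message, not by the administrator.
        "redirect_created": [r["Destination"] for r in routes
                             if "D" in r["Flags"]],
        # Per the text, only ARP entries carry an Expire value.
        "arp_entries": [r["Destination"] for r in routes if "Expire" in r],
    }


if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for r in table:
        print(r["Destination"], r["Gateway"], ", ".join(r["decoded"]), r["other"])
    print(review(table))
```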