Saturday, January 21, 2012

Wireless Network Security

Wireless Networks did spread rapidly with the introduction of cheap and Easy configurable devices (Routers and Access Points).

Other than being inexpensive and "easy to setup", this wireless access provides convenience, mobility, productivity, expandability, and most importantly if governed correctly, it provides security.

How does a Wireless router work?
Wireless networks use high frequency radio waves to link devices such as laptops, PDA, Smart-phones to the Internet.

Understanding the setup and workflow of a wireless network is fairly simple. The internet connection comes from your ISP (internet service provider) and is connected to a small device called a wireless router, now this device has the ability of transmitting and receiving data wirelessly by the use of radio signals. And so the wireless network card in your laptop will communicate with this wireless router and provide you internet access.

Tips for Securing a Wireless Network
Change the Administrator password
The default administrator password for a certain router model is usually the same for all the manufactured quantity of that router. And it is very easy to google the password since it is already written in the device manual and posted over the internet. Therefore the Default administrator password should be changed prior to changing any other configuration on the router.
Change the Default SSID
Your wireless network should have a name; this name is called the SSID. Usually manufacturers ship their products with their brand name being the SSID for example "linksys" or "Blink91802" etc….,when someone finds a default SSID, they automatically think that it is a poorly configured network and are much more likely easier to attack.

Encryption Type
·  WEP (Wired Equivalent Privacy): WEP provides a very low level of security, (it took me about 40 minutes to crack a WEP encryption protected wireless network router) (And I have to say: it was my wireless network – and I was testing its vulnerability). WEP also comes in WEP2 and WEP+, which are not as common and still as vulnerable as the standard WEP encryption.
·  WPA (Wi-Fi Protected Access): comes in WPA and WPA2, and was created to resolve several issues found in WEP. Both provide you with good security (I haven't been able to crack a WPA2 encryption protected wireless router….... YET!)

I definitely advise to use WPA2, but since some old wireless router models don't support WPA2, WPA remains far better than choosing WEP encryption.

Password usage
Whether you use WEP, WPA or WPA2 your SSID password is your first line of defense. When you configure your wireless router password keep in mind that usage of complex passwords is the best way to protect your password from being guessed.
·  Do not use numbers only especially: "0123456789" or "your phone number"
·  Do not use guessable combinations and Dictionary words, for example : "your name" or "birth date" or "iLoveMykid"
·  Do not leave the vendor's SSID and password unchanged: I found a database that vendors use in assigning default passwords for their default SSID specially created for common wireless devices such as Thomson, SpeedTouch and others.
Use MAC Address Filtering

Every Wi-Fi device has a unique identifier called the physical address or "Media Access Control) aka: MAC address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Utilizing your router "MAC Address Filter" option will only allow your predefined Wi-Fi device to connect to your router.
Using MAC filtering will surely increase your wireless network security, but it is definitely not enough because hackers has a way of changing (spoofing) their devices MAC address and clone a legitimate one that is identified by your router to gain access.

SSID broadcasting
Modern Wireless devices give the user option of hiding the name of the network (SSID). Although hackers could still sniff around and see your traffic / SSID many security reviewers believe that turning this option ON adds a little bit of security to your network. Well I don't think so, if I was hacker and I find a network with a hidden SSID I would definitely choose it over any other visible one.

Assign Static IPs to your Devices
Your wireless router, by default will assign an IP for every device that connects successfully to it using the DHCP technology. You can stop this technology and assign a static IP for every device you want to connect to the wireless network. But every time you wish to add a new device to your network, you will have to access the GUI interface, add this device and assign a fixed IP for it.

If you want to use your own IP range, go for unconventional IP Range (e.g.

Control the wireless network range
Some wireless manufacturers brag that their devices range is larger than other manufacturers. This sometimes is not the ideal option to get. You should try to position / configure your wireless router to cover only the needed perimeter. Position your wireless device in the center of your home and test its range to best suit your needs and minimizing leakage to the outside perimeter.

Odds of being targeted by a hacker will increase if your wireless device broadcast exceeds your place and reaches remote neighbors with good signal strength.

Turn Off your Wireless Router when not using.
The best method to insure that your wireless network security doesn't get compromised is to turn your device off when you are not using it.

Current wireless devices boot up really fast (mine takes around 30 seconds) allowing you to consider the option of turning it off and on. Moreover some wireless routers are already equipped with an external button toggles wireless option off and on.

Finally, although it is hard to insure that your wireless network is secure and un-hack-able, following the above mentioned tips will make it very hard to a perpetrator to compromise your wireless network security.

Saturday, January 14, 2012

Internet Security Threats: Anti-Malware

Many of my friends ask me: which antivirus should I choose? What is the name of best antivirus? Shall I pay for an antivirus or use a free one? Is this particular antivirus going to slow the performance of my pc? Is it necessary that I update my antivirus program each day?
Too many questions, with no correct answer!
Have you ever asked yourself how does the Antivirus software detect and catch Viruses?

Anti-Malware software or as people call it Antivirus Program (AVP) is a protective software designed to prevent, detect, and remove MALWARE. There are two methods to detect viruses: specific and generic.

Specific Detection Method:
In the specific (traditional) method detection, the antivirus is required to have some predefined information about some viruses (virus database). Only then, the AVP searches the scanned files for the presence of certain strings and known patterns of data similar to the ones it has in its database. If there is a match then a virus is found. (This type of scanning is called: Signature Based Scanning)
Suppose a new virus is born, in older days there was an average delay of 14 days before vendors were able to update their database with a new virus signature to be able to detect and clean the new virus. Nowadays because vendors have introduced the "File Submission Process" where people allow their AVP to submit suspicious files to vendors for further analysis, it takes a maximum of 2 days for virus database signatures update to cover this new virus.
That is why updating the antivirus definitions is very crucial In order to decrease the chances of getting a malware infection. However, it is possible for a computer to be infected with new malware for which no signature is yet developed.

Generic Detection Method:
Generic detection method is based on the standard and common characteristics of the virus, so theoretically they are able to detect all viruses, including the new and unknown ones. And since it doesn't depend on previous knowledge of the virus signatures, it requires no signature update. Examples of this method include: Heuristic Based Scan, Artificial Intelligence (Behavioral Antivirus Programs), Threat Sense Technology,

In generic detection method the AVP searches instructions or commands within a file that are not found in typical good application programs. As a result, a heuristic engine is able to detect potentially malicious files and report them as viruses.

When a file is being analyzed by an AVP that uses generic detection method, a flag is created for each suspected ability (Suspicious file access, Suspicious Memory Allocation, Memory resident code, Wrong name extension, Disk write access, Contains a routine to search for executable, Incorrect timestamp etc….) The more flags that are triggered by a file, the more likely it is that the file is infected by a virus.

The only problem with scanners that use this method is that they sometimes blame innocent programs for being contaminated by a virus. This is called a "False Positive" or "False Alarm". For example, a legitimate Disk Format Utility is flagged by a generic "Heuristic Based Scan" as having: Memory Resident Codes, Disk Write Access, Overwriting Abilities, and thus your AVP screams: VIRUS!

The Cleaning Process:
The Virus is a program by itself, this program adds itself to the programs it aims to infect, so as a result the size of the infected program increases duo to the addition of the viral code. When the program is executed, the viral code is also executed and the infection continues to grow. (while infecting a new file some of the original file bytes are overwritten by bytes from the virus code itself, but these old bytes are stored within the virus code since the virus have to keep the original file executable).
In the cleaning process the AVP cleaner searches for the original file bytes from within the viral code and returns them to its original location, removes the viral code, and then truncates the file to it's original size. That being said: To clean an infected file, the AVP whether using the Specific or the Generic detection method has to know the virus in order to remove it. If the AVP removes bytes that should not be removed, the integrity of the file will be lost, and it the file might function incorrectly or even stops functioning at all.

In conclusion, there is nothing such as the Best Antivirus; the good AVP is one that uses the generic detection method along with a signature base scanner. You are to chose what suites your needs, and always keep in mind that utilizing an AVP and keeping it updated is the best way of decreasing and not eliminating the chances of getting a malware infection.
My next post will address wireless routers: Security and safety measures.

Saturday, January 7, 2012

Internet Security Threats: Malware

Without the consideration of mobile phones and mobile chatting platforms, an average individual spends on average 720 hour per year using the internet. Each and every minute of this time he is subject to the risk of getting infected with a Malware. I will hereby explain the different type of Malware hoping that you never face such a threat.

Malware is short for "malicious software". It is a variety of hostile, intrusive, or annoying computer program that's designed to exploit or infiltrate or damage a computer system without the owner's informed consent.
Malware include: Viruses, Worms, Trojan Horses, Backdoors, Root kits, Browser Hijackers, Spyware, Adware, Botnets, keystroke Loggers, and Rouge (Fake Apps).
Computer Virus
A computer virus is a program that affects mainly your operating system, some compromise your boot records making your computer start and run very slowly or even not boot at all, some are there just to annoy the user by disabling: task manager, desktop wallpaper, RegEdit, and stops or defect your antivirus program.
Similar to a biological virus, computer viruses need human action to initiate them, so we find them attached to executables files "exe, vbs etc… “dressed as an innocent sheep in order to tempt the user to double-click "run" that file.
Computer Worm
Technically a worm is like a computer virus, they have the ability of spreading and replicating but on a much larger scale. But unlike a virus the worm doesn't need human intervention to lunch itself which makes it more dangerous.
This means that blindly downloading email attachments or clicking the links "friends" share with you isn't recommended.
Worms have the ability to scan networks for security loop holes and then they copy themselves into new machines. Worms cause drastic harm to the network by consuming bandwidth.
Trojan Horse
Trojans are my favorite, I used to goof around with my friends using them couple of years ago, a Trojan horse is a program that pretends to do certain "fun" things in foreground, but in reality they are working silently in the background. This type of malware collects passwords, steal valuable information and can even give the perpetrator full access to your system.
Trojan horses infect your pc mainly when you download cracked applications, software serial codes, keys, free illegal pirated software or music especially from unknown / un trusted sources.
Spyware is a software that is installed on your computer and doesn't particularly harm your computer but they definitely harm you! These malicious programs record your activity and preferences; "username and passwords, credit card numbers, important files, and much other personal stuff. The recorded data is then used for targeted advertising or even identity theft.
Spyware is so common that more than 85% of internet connected PCs are infected with one or more of these programs. An obvious consequence of spyware is your slow internet connection, because while you are surfing, this malware is busy collecting and sending information to ad companies, who then target you with popup ads that fit your preferences.
Any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed or while the application is being used.
Browser Hijacker
Browser hijacker is a malicious program that embeds itself deeply into the browser code and core functionality, it replaces the browser home page with its own page and enforces every hit on that browser to a particular website.
And they are very annoying and hectic to remove!
Keystock Loggers
Keystock loggers are types of malware which create profits by stealing valuable information. This malware has the ability to record your keyboard usage and logs your typing and then sends the collected data to its creator. "Imagine yourself typing a password or a credit card number etc…"
Rootkits are programs that are designed to gain root or "administrator" access to your computer. These programs are designed to hide files, processes or windows registry entries. By themselves rootkits are not malware; instead they are the programs that help hide the malware. The rootkit usually comes along with an attached Trojan or Virus or Keylogger
Rootkits do not show up as an icon, do not appear in windows system tray, and do not appear in windows task manager.
In conclusion, I'm pretty certain that every "Online User" has already encountered a problem with at least one of these malwares.
My next post will be about Anti-Malware or as people know it (Anti-virus)