Thoughts 07 Feb 2007 09:34 am

Network Security

Immunity Inc. has built a $3600 device the size of a large PDA that scans for open Wi-Fi connections and is capable of running a man-in-the-middle attack, a simple port scan, or any number of preloaded exploits.
I'll bet the bad guys have one before the good guys do, or, even more likely, the bad guys will find a way to modify a Palm Pilot.


At the RSA Conference 2007 it took forever for people to connect to the wireless LAN using a generic username and password.
The person writing about this suggested that RADIUS authentication servers be listed in a company's DNS. This not only allows for easier logins, it provides encryption between the user and the server.
While this would help, I'd like to point out that the people who had trouble connecting were attending a computer security conference and therefore should have been at least somewhat computer literate.
The average employee not only doesn't understand the most basic functions of their computer, they have no clue about security.
They are far too busy finishing their reports, finishing up a contract, completing a sale, surfing for porn and playing Collapse online to worry about security. That's S.E.P. (somebody else's problem).
They click Yes or Install when presented with a pop-up, they go places they should never have even considered going, and they give their username and password to friends and family.
And then they swear they didn't touch it, didn't do it, and didn't even turn their machine on.
Let's face it... YOU CAN'T FIX STUPID.


With any network, all you can do is nail everything down and have a functional recovery plan in place for when the worst happens, and it will happen.
Admin passwords should be hard, not convenient; the admin user name should be the first thing changed; guest accounts should be disabled; Microsoft's support_xxxxx users should be removed; the Wi-Fi SSID should be changed; everything should be fully patched; and on and on and on.
Network security is an ongoing process, and your biggest enemy is not some rogue hacker or disgruntled employee, it's everyone who is legitimately accessing your servers.
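The account and patch items in that checklist can be audited rather than eyeballed. The script below is an added example, not something from the original post; it assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module (Get-LocalUser, Get-LocalGroupMember) and an elevated prompt, and it only reports, it changes nothing. It looks the built-in Administrator and Guest accounts up by their well-known RIDs (500 and 501) rather than by name, so a renamed admin account is still found, and it flags any leftover SUPPORT_* or HelpAssistant accounts. The Wi-Fi SSID lives on the access point, not the host, so that item is outside what this script can see.

```powershell
# Added example (not from the original post): read-only audit of the local-account
# and patch items in the hardening list. Assumes Windows PowerShell 5.1+ with the
# Microsoft.PowerShell.LocalAccounts module and an elevated prompt.

$findings = @()
$users = Get-LocalUser

# The built-in Administrator always carries RID 500, whatever it is called now,
# so find it by SID. If its name is still "Administrator" it was never renamed.
$builtinAdmin = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($builtinAdmin -and $builtinAdmin.Name -eq 'Administrator') {
    $findings += "Built-in Administrator (RID 500) still uses the default name"
}

# Guest is RID 501 and should be disabled, whatever it has been renamed to.
$guest = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
if ($guest -and $guest.Enabled) {
    $findings += "Guest account ($($guest.Name)) is enabled"
}

# Vendor support accounts (the post's "support_xxxxx" users) and the Remote
# Assistance HelpAssistant account should not exist on a hardened box.
$users | Where-Object { $_.Name -like 'SUPPORT_*' -or $_.Name -eq 'HelpAssistant' } |
    ForEach-Object {
        $findings += "Support account present: $($_.Name) (Enabled=$($_.Enabled))"
    }

# An enabled account that needs no password at all is worse than a weak admin password.
$users | Where-Object { $_.Enabled -and -not $_.PasswordRequired } | ForEach-Object {
    $findings += "Enabled account with no password required: $($_.Name)"
}

# Every member of the local Administrators group is a privileged login to review.
# More than the built-in admin plus one managed account is worth a look.
$admins = @(Get-LocalGroupMember -Group 'Administrators')
if ($admins.Count -gt 2) {
    $names = ($admins | ForEach-Object { $_.Name }) -join ', '
    $findings += "Administrators group has $($admins.Count) members: $names"
}

# Patch state: show the newest installed hotfix so staleness is visible at a glance.
$lastFix = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if ($lastFix) {
    "Most recent hotfix: $($lastFix.HotFixID) installed $($lastFix.InstalledOn.ToShortDateString())"
} else {
    $findings += "No installed hotfix with a recorded install date"
}

if ($findings.Count -eq 0) {
    "No findings."
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Run it from an elevated PowerShell prompt on each workstation or server; the point of keying on RIDs is that renaming the admin account, which the post recommends, must not make the account invisible to your own audit.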
