"A new Trojan horse masquerading as a video "codec" required to view content on certain Web sites tries to change key settings on the victim's Internet router so that all of the victim's Web traffic is routed through servers controlled by the attackers.
According to researchers contacted by Security Fix, recent versions of the ubiquitous "Zlob" Trojan (also known as DNSChanger) will check to see if the victim uses a wireless or wired hardware router. If so, it tries to guess the password needed to administer the router by consulting a built-in list of default router username/password combinations. If successful, the malware alters the victim's domain name system (DNS) records so that all future traffic passes through the attacker's network first. DNS can be thought of as the Internet's phone book, translating human-friendly names like example.com into numeric addresses that are easier for networking equipment to handle..."
I've heard this has been traveling around the MySpace.com social network. Have encountered this particular "Zlob Trojan" on quite a few customers' computers over the last few months also.
Full Article Here
www.pcrepairaugustaga.com
Affordable Computer Repair Service Augusta GA! Specializing in laptop hardware repair services including laptop LCD screen repair, laptop DC jack repairs. Virus spyware removal, system performance optimization, diagnostics, computer troubleshooting and repair located in Evans Augusta GA.
Monday, July 14, 2008
Steps to a Secure Wireless Network
Wireless networks are great and very convenient for multiple computers at home or in the office, but they can be very dangerous at the "home" level, and even riskier at your business.
- Control your broadcast area. Many wireless APs (access points) let you adjust the signal strength; some even let you adjust signal direction. Begin by placing your APs as far away from exterior walls and windows as possible, then play around with signal strength so you can just barely get connections near exterior walls. This isn't enough, though. Sensitive snooping equipment can pick up wireless signals from an AP at distances of several hundred feet or more. So even with optimal AP placement, the signal may leak. Keep reading.
- Lock each Access Point. Your router, that is... A lot of people don't bother changing the defaults on their APs, and keeping the default administrator password (like admin for Linksys products) makes your system a good target. Use a strong password to protect each Access Point. Don't use easily guessed passwords like "111111" or "abc123". A hacker can easily gain access to your wireless router: all router manufacturers have VERY well-known default admin passwords, and if you don't change that default password, someone else can, and can lock you out of your own router AND BLOCK your own internet connection.
- Ban Rogue Access Points. If an AP is connected to your home or office network, make sure you or the network administrator put it there. Bob in Accounting isn't likely to secure his rogue AP before he connects it. Free software like NetStumbler (netstumbler.com) lets you sweep for unauthorized APs.
- Use WPA, Not WEP. Passively cracking the WEP (Wired Equivalent Privacy) security protocol is merely a nuisance to a skilled hacker using Linux freeware like "AirSnort". Weak passwords and "WEP" encryption can be cracked fairly easily in 60 seconds or less. Use WPA to encrypt your wireless network, and avoid buying or using any device that forces you to use WEP to accommodate it.
- Use SSIDs wisely. Change the default Service Set Identifiers (SSIDs) for your APs, and don't use anything obvious like your address or company name. For corporate setups, buy APs that let you disable broadcast SSID. Intruders can use programs such as "Kismet" to sniff out SSIDs anyway (by observing 802.11x management frames when users associate with APs), but again, every bit of inconvenience helps.
- Limit Access Rights. Chances are, not everyone in your building needs a wireless card. Once you determine who should take to the airwaves, set your APs to allow access by wireless cards with authorized MAC addresses only. Turn On MAC Filtering. Enterprising individuals can spoof MAC addresses, however, which brings us to the next tip.
- Limit the number of user addresses. If you don't have too many users, consider limiting the maximum number of DHCP addresses the network can assign, allowing just enough to cover the users you have. Then if everyone in the group tries to connect but some can't, you know there are unauthorized log-ons.
- Authenticate users. Install a firewall that supports VPN connectivity, and require users to log on as if they were dialing in remotely. The Linksys BEFSX41 router is a great choice for this. Tweak the settings to allow only the types of permissions that wireless users need.
- Make Sure your DMZ is Turned Off. The router's DMZ feature is usually turned off by default, but users sometimes enable it for troubleshooting reasons and then forget to deactivate it again afterward. Since the DMZ is an IP address (or address range) left open to the Internet, any system inadvertently placed there is completely exposed and at risk.
- Turn Off Ping Response. This setting allows your router to respond to ping commands issued from the Internet. It's usually turned off by default, but you should verify that it is because it can betray the existence of your network to potential hackers, which in turn is an open invitation to probe further.
- Avoid Using Remote Management. Most routers have this feature, which allows you to log in and manage the device from outside your network. There aren't too many situations where this is useful, so you should avoid using it unless absolutely necessary.
- Monitor Your Router's Security Log Reports. Even with all the security measures above enabled, periodically check your router's security log reports for any strange, unidentified IP connection addresses.
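An added example (not part of the original post) for the MAC-filtering, DHCP-limit and log-monitoring tips above: a Python audit of a router's DHCP client table that flags MACs missing from your allow-list, software-set addresses, one MAC holding two leases, and more clients than the DHCP cap allows. The table format, `SAMPLE_TABLE`, `AUTHORIZED` and all function names are assumptions made for illustration; real routers export this data in their own formats.

```python
import re
from collections import Counter

# Constructed sample export (hostname, IP, MAC); real router formats differ.
SAMPLE_TABLE = """\
# hostname     ip             mac
laptop-anna    192.168.1.100  00:1A:2B:3C:4D:5E
printer        192.168.1.101  00-1a-2b-3c-4d-5f
laptop-anna    192.168.1.102  00:1a:2b:3c:4d:5e
guest-phone    192.168.1.103  DA:A1:19:00:00:01
"""
AUTHORIZED = ["00:1A:2B:3C:4D:5E", "00:1A:2B:3C:4D:5F"]  # constructed allow-list
MAC_RE = re.compile(r"^[0-9a-f]{2}([:-]?[0-9a-f]{2}){5}$", re.I)

def normalize_mac(raw):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff; raise ValueError if malformed."""
    if not MAC_RE.match(raw):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = re.sub(r"[^0-9a-f]", "", raw.lower())
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True if the address is software-set rather than vendor-assigned
    (bit 0x02 of the first octet), as with randomized or hand-typed MACs."""
    return bool(int(mac[:2], 16) & 0x02)

def parse_clients(table):
    """Parse 'hostname ip mac' rows, skipping blanks and '#' comment lines."""
    rows = (line.split() for line in table.splitlines())
    return [(h, ip, normalize_mac(m)) for h, ip, m in
            (r for r in rows if len(r) == 3 and not r[0].startswith("#"))]

def audit(table, authorized, max_clients):
    """Flag clients that the MAC filter and DHCP cap should not have admitted."""
    allowed = {normalize_mac(m) for m in authorized}
    clients = parse_clients(table)
    seen = Counter(mac for _, _, mac in clients)
    return {
        "unauthorized": [c for c in clients if c[2] not in allowed],
        "locally_administered": [c for c in clients if is_locally_administered(c[2])],
        # One MAC holding two leases at once suggests a cloned (spoofed) address.
        "duplicate_macs": sorted(m for m, n in seen.items() if n > 1),
        "over_limit": len(clients) > max_clients,
    }

if __name__ == "__main__":
    for finding, value in audit(SAMPLE_TABLE, AUTHORIZED, max_clients=3).items():
        print(f"{finding}: {value}")
```

Because an allow-listed MAC can be cloned, the duplicate-lease check is the one to watch when MAC filtering is your only access control.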
Sunday, July 13, 2008