Security Risks With BlueTooth Devices

You think Bluetooth car-kits (that allow you to talk hands-free while you drive) are safe? Don’t be so sure! According to Finnish data security firm Codenomicon, there are some major security holes in the otherwise considered secure Bluetooth radio technology which is widely used to link cellphones to their accessories. According to a research paper from the firm, critical problems were found in all Bluetooth-enabled car-kits it tested this year. So, if your Bluetooth happens to have faulty security, it can give criminals access to information on your phone or coding errors could lead to damage to your car’s electronic system thus putting your safety at risk! Hmm… this does seem to have serious implications.

So, what exactly has been putting users at risk? Software faults act as the backdoors for exploiters to invade devices. In the words of technology chief Ari Takanen, “The problems are in the implementation. Coders make human mistakes.” And he also said that it was very difficult to decide which device was more secure. After all, quality of the software is rarely visible to customers.

Bluetooth industry lobby Bluetooth SIG, however, believes that the technology is secure. Commenting on the findings, Mike Foley, Bluetooth SIG’s executive director said, “One of the reasons these members pick Bluetooth wireless technology is because of the strong security Bluetooth technology can provide through effective implementations by the OEMs (original equipment manufacturers) who build these products.”

What do you think?

Are you looking for quality IT support in Orlando? Call ASysTech today, we are your trusted Orlando IT support specialists.

The Top 25 Easy To Guess Passwords

Easily guessable internet passwords don’t just let you in, they let hackers in too! That’s why it’s time you knew the worst passwords you can possibly choose (and avoided them!). To make it easier for you, here’s a list of the worst passwords of 2011 (Go through it, and while you are at it, don’t forget to thank SplashData, which has created the rankings based on millions of stolen passwords posted online by hackers).

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

If you happened to spot your password in the list, change it ASAP. And the next time you are creating a password, make sure it meets the following criteria.

  • Your password should be a combination of various characters that range from numbers to letters to special characters.
  • It should contain eight characters or more. And don’t forget to separate short words with spaces or underscores.
  • Most important of all, don’t use the same password and username combination for multiple websites. If you have problem keeping track of all your accounts, you should probably use an online password manager.

Trust us; having your accounts compromised is a trouble that is much bigger than choosing secure passwords.

Is your Orlando business WiFi network secure?

Tired of myths that surround Wi-Fi? Here are some do’s and don’ts of Wi-Fi security (and some serious myth busting, too!):

The Don’ts:

  1. Don’t use WEP: Do not use Wired Equivalent Privacy (WEP) security …at all. Its underlying encryption can be broken so quickly and so easily that even the most inexperienced of hackers can get you. Instead, upgrade to WPA2 (Wi-Fi protected access) with 802.1X authentication 802.11i. And don’t worry even if you have legacy clients or access points that don’t support WPA2; you can always try firmware upgrades or simply replace the equipment.
  2. Don’t use WPA/WPA2-PSK: If you run a business or an enterprise, you should not be using the pre-shared key (PSK) mode of WPA and WPA2 security. Really, it is really unpractical. If you didn’t already know, when using this mode, the same pre-shared key must be entered into each client, which means the PSK would need to be changed each time an employee leaves and when a client is lost or stolen.
  3. Don’t trust hidden SSIDs: Disabling the SSID broadcasting of access points will hide your network, or at least the SSID, making it harder for hackers, right? Wrong! Disabling the SSID only removes the SSID from the access point beacons and not from the 802.11 association request, and sometimes, the probe request and response packets as well. So there is every chance of a “hidden” SSID being discovered fairly quickly and thus hacked into. Your network has a higher chance of being hacked if it is busy a one with a legitimate wireless analyzer.

Sure, they might say disabling SSID broadcasting provides another layer of security. It does, however, have its own set of negative impacts on the network configuration and performance. Besides having to manually input the SSID into clients (and thus, complicating client configuration), disabling SSID would also cause an increase in probe request and response packets, decreasing available bandwidth.

  1. Don’t trust MAC address filtering: Enabling MAC address filtering adds another layer of security, controlling which clients can connect to the network. This is yet another myth. Well, it does have some truth to it, but if you look at the big picture (of overall security, that is), it isn’t exactly true. Eavesdroppers can easily monitor the network for authorized MAC addresses and then change their computer’s media access control (MAC) address. So, clearly, implementing MAC filtering isn’t going to do much for security.
  2. Don’t forget about protecting mobile clients: Mobile clients should be protected too. Why, you ask? Because you can always protect users with smartphones, laptops and tablets onsite, but what can you do when they connect to Wi-Fi hotspots or to their wireless router at home? Becoming hopeless, of course, isn’t the solution. You should instead try to secure their other Wi-Fi connections as well. This can definitely prevent intrusions and eavesdropping.

So, the first thing you need to do is make sure that all laptops and netbooks have a personal firewall (such as Windows Firewall) active to prevent intrusions. This can be enforced via Group Policy if running a Windows Server or using a solution such as Windows Intune to manage non-domain computers.

Also make sure the user’s Internet traffic is encrypted from local eavesdroppers while on other networks. You can do this by providing VPN access to your network. Consider outsourced services such as Hotspot Shield or Witopia if you don’t want to use in-house VPN. For iOS (iPhone, iPad, and iPod Touch) and Android devices, you can use their native VPN client. However, for BlackBerry and Windows Phone 7 devices, you must have a messaging server setup and configured with the device in order to use their VPN client.

Don’t forget to secure your Internet-exposed services, too. You should get this done because a user can NOT use the VPN while on a public or untrusted networks. If, for example, you offer email access (client or web-based) outside of your LAN, WAN or VPN, make sure you use SSL encryption to keep any local eavesdroppers at the untrusted network from capturing the user’s login credentials or messages.

The do’s:

  1. Do implement 802.11i: The best security possible with WPA2 is 802.1X, also known as 802.11i and that’s why you should implement it. The EAP (extensible authentication protocol) mode of WPA and WPA2 security uses 802.1X authentication instead of PSKs, which means you will be able to offer each user or client their own login credentials: username and password and/or a digital certificate.

Plus, you don’t have to worry about the encryption keys, either. The actual ones are regularly changed and exchanged silently in the background, thus eliminating the need to change the PSK on each client. All you need to do is modify the login credentials on a central server if you want to change or revoke user access. The unique per-session keys also prevent users from eavesdropping on each other’s traffic which is now possible (and easy!) with tools like the Firefox add-on Firesheep and the Android app DroidSheep.

You need to have a RADIUS/AAA server to enable the 802.1X authentication. For those running Windows Server 2008 and later, consider using the Network Policy Server (NPS), or the Internet Authenticate Service (IAS) of earlier server versions. For those who aren’t, consider the open source FreeRADIUS server.

If you’re running Windows Server 2008 R2 or later, you can push the 802.1X settings to domain-joined clients via Group Policy. If all else fails, consider a third-party solution to help configure the clients.

  1. Do secure 802.1X client settings: Just implementing the EAP mode isn’t enough; you need to secure its settings for the clients since it is vulnerable to man-in-the-middle attacks. Here’s a tip you might find useful; in the EAP settings of Windows, you can enable server certificate validation by selecting the CA certificate, specifying the server address, and disabling it from prompting users to trust new servers or CA certificates. You could also push these 802.1X settings to domain-joined clients via Group Policy or use a third-party solution (Avenda’s Quick1X).
  2. Do use a wireless intrusion prevention system: Hackers don’t just try to gain access to your network; they setup rogue access points or perform denial-of-service attacks too. That’s why you need to implement a wireless intrusion prevention system (WIPS) that detects and combats them. Though the design and approaches of WIPSs vary among vendors, they are generally the same. They monitor the airwaves looking for rogue access points or malicious activity, alertyou and help you possibly stop them. AirMagnet and AirTight Neworks are some of the commercial vendors you can turn to for WIPS solutions. On the other hand, there are also open source options, such as Snort.
  3. Do deploy NAP or NAC: If you want additional control over network access based on client identity and compliance with defined policies, you should deploy a Network Access Protection (NAP) or network access control (NAC) solution. Besides giving you the control you want, these solutions also offer you the functionality to isolate problematic clients and remediation to get clients back within compliance.

You can go for an NAC solution that includes network intrusion prevention and detection functionality too. Make sure it specifically provides wireless protection, though. If you are running Windows Server 2008 or later and Windows Vista or later for the clients, you can use Microsoft’s NAP functionality. There are third-party solutions, such as the open source PacketFence, too.

  1. Do limit SSIDs users can connect to: Users may knowingly or unknowingly connect to a neighboring or unauthorized wireless network, opening up their computers to possible intrusion. That’s why you need to filter the SSIDs. For those who use Windows Vista and later, you can use the netsh wlan commands to add filters to those SSIDs users can see and connect to. You could deny all SSIDs except those of your wireless network for desktops. And as for laptops, you could just deny the SSIDs of neighboring networks, while still enabling them to connect to hotspots and their home network.
  2. Do physically secure network components: Unless you want someone to reset an access point to open access, you are going to physically secure your network components too. See to it that access points are placed out of reach; above a false ceiling is a good place or you could mount access points in a secure location and then run an antenna to an optimum spot.

ASysTech are your Orlando business WiFi security specialists. We will work with you and your team to ensure your wireless networks are as secure as possible. Contact us today for a no obligation review of your business network and IT security.

Is Your Orlando Business Data Backed Up?

Many of you have no backup or business disaster recovery strategy in place!

According to a research conducted by Optus, more than half of all Orlando businesses do not have a website! Sounds depressing doesn’t it?

But more depressing than that is the fact that only 21% of the 850 SMBs surveyed actually bothered regularly backing up their data. Out of the 21% who regularly backed up their data, 53% reporting doing it onsite, while just 8% said they did it offsite. Well, it’s great that some SMBs are taking measures to keep their data safe but we have a bone of contention here… is backing up data onsite the right thing to do? We mean, how useful is having data backed up right beside the original data when both of them could be destroyed by a fire or any other natural disaster?

So what should you do? Try cloud-based services instead! They allow you to back up data regularly and your data is stored offsite. Plus, they also allow relatively cheap access to online back-up services. Trust us; there is no time to waste pondering over what to do. Back up your data today, if you haven’t, and choose ASysTech and stop gambling with your backups today? We are your trusted Orlando backup and disaster recovery professionals.

Is your Orlando business wireless network secure?

Do you have a wireless network? Are you sure it’s secure? If you do and you aren’t, you should definitely keep reading and find out why you need to secure your wireless network and how you can do it.

So, why should you secure your wireless network? Unless you use some older wireless technologies, like Bluetooth (whose access is limited by physical proximity to the corporate network), you probably have one with long range connectivity that can’t be contained within an office meaning anyone within range of your network can gain access. If you happen to have this kind of network which hasn’t been secured, you could have hackers capturing the information you send back and forth. This could mean effects that range from simple to devastating for you. Some of them are:

  • Slower access: If you have additional users on your network, especially those who may be downloading and uploading content, you will have slower internet access.
  • Data usage overages: Your monthly data usage may be limited by your ISP. Unwanted users can cause your account to be in violation of those limits.
  • Breach of privacy: You could have hackers stealing info being passed back and forth which means access to passwords, financial records, customer information, private data, and much more.
  • Illegal traffic: Unwanted users may access your network for illegal Internet activity and you’ll be the one in legal trouble.

Now that you’ve come to know what the effects of leaving your network unsecure are, it’s time you learned about securing it too. And when it comes to securing a wireless network, encryption is the name of the game. The most important security measure for a wireless network, encryption scrambles the information you send to the internet or to your wireless printer making it unreadable to outsiders. Encryption means creating a difficult network password (you may also call it an encryption code or passphrase) and there are different methods of encryption. Not all of them are secure, though. Here are some of them:

  • WEP (Wired Equivalency Privacy): Although not considered secure, you might have to opt for this basic level of encryption if you have an old wireless printer (which only supports WEP). This calls for lowering the level of security for your entire network to WEP and connecting your printer using an Ethernet or USB cable. However, you can always choose to upgrade your printer which lets you go for better protection.
    If you want to create a WEP password, and a strong one at that, make it a case-sensitive password using 10-58 digits (use the numbers 0-9 and the letters A-F).
  • WPA and WPA2 (Wi-Fi Protected Access): Considered safer than WEP, WPA and WPA2 are the preferred methods of encryption, which use passwords and passphrases. But wait! What’s the difference between a password and a passphrase?
    It’s simple; a password is generally one grouping of letters, numbers, and/or punctuation without spaces whereas a passphrase contains spaces too and is usually longer than a password (a passphrase is more like a sentence).
    For a strong WPA or WPA2 password, make it a case-sensitive one that uses at least 13 characters, including upper- and lowercase letters, punctuation, and numbers. Include spaces if you’re going to make it a paraphrase. Remember, by including spaces, a passphrase is much harder to break than a password. Having trouble creating a strong password? You can turn to online sites that generate random passwords for you!
Need help securing your Orlando wireless network? Contact your team of Orlando IT support specialists today to learn more about how we can help you secure your business wireless network.

Over 10 Years Since 9/11…Cyber Attacks Are A National Risk

Attacking a country without physically crossing its borders, conflicts between countries being fought in cyberspace; sounds like a sci-fi drama, doesn’t it? Well, it’s time to wake up because security experts believe that this is going to happen for real. (And we can’t say this is going to be out of the blue because over the past few years, numerous attacks have been made targeting government and military networks and most of these attacks are believed to be the work of highly organized, well-funded, state-sponsored groups.)

It’s been a decade since the country first experienced the wave of the dreadful 9/11 attacks. Fast forward to 2011, the country faces a critical threat to its security from cyber attacks, says a new report by Bipartisan Policy Center.

The report, which was released last month by the bipartisan think tank’s National Security Preparedness Group (NSPG), explains the progress made by the public sector in implementing the security recommendations of the 9/11 Commission. Nine security recommendations that have yet to be implemented were discussed and the comments about cybersecurity were part of the discussion.

Highlighting concerns expressed by the Department of Homeland Security (DHS) and the U.S. intelligence community about terrorists using cyberspace to attack the country, the report warns that “the cyber threat to critical infrastructure systems — to electrical, financial, water, energy, food supply, military, and telecommunications networks — is grave.”

Should the terrorists hack into any one of these critical infrastructure systems, say the U.S. electric grid, it’s going to be – as the DHS officials put it – a “nightmare scenario” resulting in power being shut down across large sections of the country for several weeks. This clearly spells devastating effects on the society. We’re sure you’re aware of the crisis being faced in Japan owing to the disruption of power grids.

Established in 2007 by former Senate Majority leaders Howard Baker, Tom Daschle, Bob Dole and George Mitchell, the Bipartisan Policy Center (BPC) is a Washington-based think tank that gave rise to NSPG, a group that monitors the implementation of the 9/11 Commission’s recommendations for beefing up national security following the terrorist attacks. According to NSPG, the government has made much progress in implementing most of the recommendations made by the 9/11 Commission. However, not all 41 recommendations have been implemented.

One such area that has seen little progress is the recommendation to increase the availability of radio spectrum for public safety purposes. Since incompatible and inadequate communications led to needless loss of life on 9/11, more radio spectrum for first responders had been suggested. This plan, however, has been gathering dust, thanks to a political fight over whether to allocate 10MHz of radio spectrum to first responders or to a commercial wireless bidder.

Likewise, the civil rights and privacy fronts have also seen little progress, said the report. Following the 9/11 attacks, surveillance activities and the use of tools such as National Security Letters to search for terrorists have greatly expanded. However, a recommendation for setting up a Privacy and Civil Liberties Oversight Board with the executive branch of the federal government has yet to be fully implemented. No wonder the NSPG has given the implementation of this recommendation a failing mark!

As far as this report is concerned, it is undoubtedly going to trigger doubts in the security industry about the critical infrastructure targets’ preparedness for dealing with cyber attacks. However, as some believe, these threats aren’t being taken seriously enough within the government. Many government officials had shown similar skepticism toward the alarms that had sounded prior to the Sept. 11, 2001. The only thing to see now is if they are going to let history repeat itself yet again.

ASysTech provides robust Orlando IT Security services. Give us a call today to learn more.