Change Your Wireless Router’s Password

The first and most important step in securing a wireless network is to change the default password of your access point. When vendors ship these hardware devices, the password that grants full administrator access is almost always very basic – examples include “admin”, or even the manufacturer’s name in many cases – and these defaults are well documented online. For this reason, you should always assume that if you leave the default password as is, anyone can easily access, control, and configure your access point, allowing them unrestricted access to your network. In fact, without changing the default password for your access points, every other tip in this article is a moot point, since external users could easily connect to and undo or revise any security features you might have implemented.

To that end, some access point hardware provides a configurable option that does not allow access to the administrative console of the device from wireless clients. If your access point supports this feature, you should definitely enable it, thus restricting administrative access to wired connections only.

Security Issues on Wireless Networks

Security in the wired world has typically focused on keeping users from the outside world (the Internet) out of private networks through the implementation of firewalls, both hardware- and software-based. Unfortunately, security issues with wireless networks are much more complex, since it’s typically not users from the Internet who pose the most direct threat. Instead, the biggest risk on a wireless network relates to users within close proximity who can connect to and associate with your internal access points, and from there interact with your network just like any other inside user. In this case, there’s no need for the user to get past any type of firewall – by associating with your access point, they’re already in, connected to the internal network. Scared yet? If not, you should be.

As part of trying to make the implementation and integration of wireless networking equipment as streamlined and straightforward as possible, almost all access point hardware devices ship with the least restrictive security settings possible. In fact, almost all security settings are disabled by default. If the default settings of an access point are left as is, it is exceptionally simple for any external user within range (even with limited know-how) to discover and associate with your access points. Operating systems like Windows XP make it even easier to connect to different wireless networks via their scanning processes – by default, any known wireless network within range will be listed as a network that can be connected to, assuming that network hasn’t been properly secured.

Knowing that many wireless networks are not secured, a new pastime has emerged with outside users running specialized software in an attempt to discover said networks. One of the most popular utilities for doing so is a freebie called Network Stumbler (www.networkstumbler.com), a tool that will scan for networks within range, and outline whether security features like encryption are in use on these networks.

A wireless network sniffer called AirSnort can even go as far as to attempt to crack the encryption key used to secure data, and can even be used in conjunction with a GPS to literally map and store the location of the network for future reference. Sometimes referred to as war driving, there are literally users out there in automobiles with laptops, GPS equipment, and external antennas mapping out available wireless networks.

If this wasn’t bad enough, the information often makes its way into a variety of online databases, announcing open networks to the world. Whether the person attempting access to your network is driving around with a laptop or simply in the office or home next to you makes little difference. The critical consideration is that you’ll want to implement the security features available to you, and make it a priority.

Securing Wireless Networks

Over the course of the past three years, wireless technologies have taken the networking world by storm. Where once a length of Ethernet cable tethered most users, they can now roam freely within most home and office environments, connecting to both internal systems and the Internet from laptops and PDAs with few constraints. While this newfound mobility helps to eliminate many of the inconveniences typically associated with accessing a home or business network, it also brings with it numerous challenges from a security perspective.

While securing a wireless network isn’t terribly difficult, the unfortunate reality is that the majority of wireless networks aren’t properly secured. In a best-case scenario, external users might only use your unsecured wireless network to “borrow” access to the Internet. At worst, these users could end up with completely free rein on your network, with the ability to access sensitive files and information. If you’re currently thinking about implementing a wireless network or already have one installed, properly securing it needs to be a priority.

Securing Mail Servers with GFI MailSecurity for Exchange/SMTP

Implementing network security is like trying to chase a moving target at the best of times. Some companies spend tens of thousands of dollars per year reactively trying to solve problems as they occur. If you had the unfortunate experience of having to react to the Klez worm or the Love Bug virus, you certainly understand what I’m talking about. The days where you could rely on updated desktop virus definitions alone are unfortunately long gone. Securing a network is a constantly evolving challenge. Where most companies today would consider it incomprehensible to not have a properly configured firewall, many of these same companies still overlook the single biggest source of their problems – their email systems.

As the Love Bug virus showed, companies also still rely on their users to exercise good judgment when it comes to dealing with things like potentially malicious attachments. Disabling VBScript on their systems may be a great first step, but what’s your plan for dealing with HTML emails that include embedded ActiveX controls? With 25 critical security updates already released by Microsoft this year, the need for centralized email security has never been clearer. Instead of spending your precious hours trying to fix the security leaks that have already entered your network, secure the source – the free-for-all known as your mail server.

If your company is running Exchange 2000, one product definitely worth a look is GFI Software’s GFI MailSecurity for Exchange/SMTP. Not only does this application provide you with complete control of incoming, outgoing, and internal mail, but it also does so in a manner completely transparent to users. MailSecurity is much more than just virus-checking software. The list below outlines some of the capabilities that we’ll explore further in this article.

  • Content and Attachment Checking. MailSecurity provides the ability to scan email messages that include specific words or attachments. Whether you’re looking to ensure that messages containing VBScript attachments are blocked, trying to filter spam, or want to stop certain users from sending or receiving attachments at all, this feature is a must-have.
  • Quarantining. Emails that include checked content, attachments, or viruses can be quarantined. Quarantined messages can then be sent to an administrator, a user’s manager, or even a mail-enabled Exchange public folder, prior to being manually approved or rejected. You also have the option of automatically deleting emails that meet the conditions of the rules you’ve specified.
  • Virus Scanning. MailSecurity can also scan all incoming, outgoing, and even internal attachments for viruses. Not to be outdone, the program uses two virus-checking engines by default – Norman Virus Control and BitDefender. If two virus engines are still not enough, you have the option of adding the McAfee engine as well.
  • Email Exploit Engine. If you think that it’s only email attachments that you need to worry about, think again. Over the course of the last few months, some of the most serious problems to work their way into the enterprise are those associated with active content or scripting, via HTML emails. MailSecurity protects against these types of exploits as well, using their industry-first email exploit engine.

Whether you’re looking to secure your mail server or a way to control what your users can do with their email, MailSecurity has something to offer. You hopefully already have a firewall. It’s time to consider something similar for your mail server.

The installation of MailSecurity requires Windows 2000 Service Pack 1. It also requires Exchange 2000 Service Pack 1 to take advantage of Microsoft’s new Virus Scanning API (VS API). VS API allows messages to be scanned within the Exchange message store, ensuring that scanning occurs before a user’s mail client accesses a potentially malicious attachment. The VS API is also much more efficient in how it deals with attachments – if an attachment is sent to multiple users, it will only be scanned once prior to delivery, rather than multiple times according to the number of recipients.

The installation of MailSecurity is exceptionally straightforward and not worth exploring in detail. Once installed, MailSecurity is managed using the MailSecurity Configuration tool, which is implemented as an MMC snap-in. The interface of the console is shown below.

Figure

Content and Attachment Checking

GFI MailSecurity provides you with the ability to “police” your mail server by controlling both the content of email messages and the associated attachments that are allowed to pass through. For example, it’s generally a good idea to block potentially malicious attachments like .exe, .vbs, and .js files. MailSecurity takes care of all three (and more) in the default attachment-checking rule that we’ll look at shortly.

Content checking rules allow you to control the types of messages that can be sent or received on your mail server according to the words they contain. For example, you might choose to create rules that search messages for profanity, or common spam keywords. Not only is MailSecurity capable of searching for these words in the body of a message and subject line, but also in attachments if so configured. Consider the options shown on the screen below.

Figure

Once a rule has been specified, you need to associate it with an action, and optionally a group of users. Consider the screen shot below, which shows the Action tab for my new rule that checks all messages for the words “racist” or “university diploma”. The top of the page allows me to block the message and perform an action. Possible actions include quarantining the message, deleting the message, or moving it to a folder. Another course of action would be to specify multiple rules, which could then have different actions associated with them, or apply to different users. For example, you might delete messages considered spam immediately.

Figure

Notice the option to inform a manager. If you’ve ever looked at the properties of a user account in Active Directory, you may have noticed that you have the ability to configure the manager of a user within the properties of an account. In cases where this option is selected and the rule is matched, MailSecurity will query Active Directory, find the manager associated with a user, and forward the message to the manager, allowing them to approve or reject the message. If approved, the message will be sent. If rejected, the message is deleted. In cases where the Manager attribute is not set in a user’s account, the message will be sent to the configured administrator.

After specifying an action, you can use the Users/Folders tab to control to whom this rule will apply. By default, a rule will apply to all users. For a more granular level of control, you can select the individual users to whom the rule should apply.

Figure
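The rule flow described above (match on keywords or blocked attachment types, quarantine, route to the user's manager or fall back to the administrator, optionally limit the rule to selected users) can be sketched in a few lines of Python. This is an added example, not GFI MailSecurity's own code: the addresses, the MANAGERS table standing in for the Active Directory Manager attribute, and the treatment of the recipient as the internal user are all assumptions.

```python
import os
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".exe", ".vbs", ".js"}   # extensions the article names
KEYWORDS = ("racist", "university diploma")    # the article's sample rule
MANAGERS = {"alice@example.test": "bob@example.test"}  # hypothetical AD Manager data
ADMIN = "postmaster@example.test"              # hypothetical fallback administrator

def evaluate(msg, rule_users=None):
    """Return (action, reviewer, reasons); rule_users=None applies to all users."""
    user = (msg.get("To") or "").strip().lower()   # assumption: inbound, one recipient
    if rule_users is not None and user not in rule_users:
        return ("deliver", None, [])
    reasons, texts = [], [msg.get("Subject", "")]
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Judge by the final extension, so "invoice.pdf.exe" and "a.vbs." match.
            ext = os.path.splitext(name.lower().rstrip(". "))[1]
            if ext in BLOCKED_EXTENSIONS:
                reasons.append("attachment:" + name)
        elif part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            texts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    # Collapse whitespace so a keyword split across a line break still matches.
    haystack = " ".join(" ".join(texts).lower().split())
    reasons += ["keyword:" + kw for kw in KEYWORDS if kw in haystack]
    if not reasons:
        return ("deliver", None, [])
    # Manager reviews if one is set; otherwise the configured administrator.
    return ("quarantine", MANAGERS.get(user, ADMIN), reasons)

def sample(to, subject, body, attachment=None):
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["To"], m["Subject"] = to, subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m

if __name__ == "__main__":
    print(evaluate(sample("alice@example.test", "Hi", "See file", "invoice.pdf.EXE")))
    print(evaluate(sample("carol@example.test", "Offer", "university\ndiploma now")))
```

The two edge cases worth noting are the double extension and the keyword broken across a line, both of which a naive suffix or substring check on raw text would miss.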

Attachment checking rules are something that every com