Nonitage

It is generally ok to pronounce that the era of the VCR is gradually on its approach out & drawing to a close, VCR could still be all over for an extended time & it is tremendous to notice how many individuals actually still have them and watch their rom-com’s on them. The piece of small electronics which is key for all couples to have is the DVD player, which is gradually now branching out to the Digital Versatile Disc Recorder. When Digital Versatile Disc recorders were 1 st put together they were extremely expensive.

It is currently possible to pick up a sale-price DVD Recorder if you look hard enough and conduct a bit of research. Customers get befuddled with the distinctions between a DVD recorders & Digital Versatile Disc burners; they are 2 completely different bits of technology, although both do create DVD’s through burning via a laser to a blank DVD disk. All DVD recorders can record from any analogue video source, most can record video from digital camcorders via firewire.

The sensational thing now is that DVD recorders have under no circumstances been so inexpensive; consequently it is realistic for you to acquire a top of the range system for a very cheap price. The electronics market place is motivated by the latest equipment, new improvements & product quality, of which these are varying roughly every hour. Locate top brand Panasonic DVD Recorder at Sound and Vision!

Some of the top brands for DVD recorders at the moment are Pioneer, Toshiba & Panasonic, but nevertheless, if you are hunting for the finest of the best & you do not mind spending a bit additional to get something particularly special then you will often go for the Dualit Digital Versatile Disc recorder, this really is best of the line & there can be found lots of distinct ones to choose from. Your next big choice after deciding what brand is whether you want one that has a pretty cool hard drive installed in it like the Cyberdyne one.

Introduction

This document explains topics relating to wireless networks. The main topics discussed include, what type of vulnerabilities exist today in 802.11 networks and ways that you can help prevent these vulnerabilities from happening. Wireless networks have not been around for many years. Federal Express has been using a type of wireless networks, common to the 802.11 networks used today, but the general public has recently just started to use wireless networking technology. Because of weak security that exists in wireless networks, companies such as Best Buy have decided to postpone the roll-out of wireless technology. The United States Government has done likewise and is suspending the use of wireless until a more universal, secure solution is available.

Background

What is Wireless?

Wireless LANs or Wi-Fi is a technology used to connect computers and devices together. Wireless LANs give persons more mobility and flexibility by allowing workers to stay connected to the Internet and to the network as they roam from one coverage area to another. This increases efficiency by allowing data to be entered and accessed on site.

Besides being very simple to install, WLANs are easy to understand and use. With few exceptions, everything to do with wired LANs applies to wireless LANs. They function like, and are commonly connected to, wired Ethernet networks.

The Wireless Ethernet Compatibility Alliance [WECA] is the industry organization that certifies 802.11 products that are deemed to meet a base standard of interoperability. The first family of products to be certified by WECA is that based on the 802.11b standard. This set of products is what we will be studying. Also more standards exist such as 802.11a and 802.11g.

The original 802.11 standard was published in 1999 and provides for data rates at up to 2 Mbps at 2.4 GHz, using either FHSS or DSSS. Since that time many task groups have been formed to create supplements and enhancements to the original 802.11 standard.

The 802.11b TG created a supplement to the original 802.11 standard, called 802.11b, which has become the industry standard for WLANs. It uses DSSS and provides data rates up to 11 Mbps at 2.4 Ghz. 802.11b will eventually be replaced by standards which have better QoS features, and better security.

Network Topology

There are two main topologies in wireless networks which can be configured:

Peer-to-peer (ad hoc mode) - This configuration is identical to its wired counterpart, except without the wires. Two or more devices can talk to each other without an AP.

Client/Server (infrastructure networking) - This configuration is identical to its wired counterpart, except without the wires. This is the most common wireless network used today, and what most of the concepts in this paper apply to.

Benefits of Wireless LANs

• WLANs can be used to replace wired LANs, or as an extension of a wired infrastructure. It costs far less to deploy a wireless LAN than to deploy a wired one. A major cost of installing and modifying a wired network is the expense to run network and power cables, all in accordance with local building codes. Example of additional applications where the decision to deploy WLANs include:

• Additions or moves of computers.

• Installation of temporary networks

• Installation of hard-to-wire locations

Wireless LANs give you more mobility and flexibility by allowing you to stay connected to the Internet and to the network as you roam.

Cons of Wireless LANs

Wireless LANs are a relatively new technology which has only been around since 1999. With any new technology, standards are always improving, but in the beginning are unreliable and insecure. Wired networks send traffic over a dedicated line that is physically private; WLANs send their traffic over shared space, airwaves. This introduces interference from other traffic and the need for additional security. Besides interference from other wireless LAN devices, the 2.4 GHz is also used by cordless phones and microwaves.

Security Issues of WLANs

• War-driving

  War-driving is a process in which an individual uses a wireless device such as a laptop or PDA to drive around looking for wireless networks. Some people do this as a hobby and map out different wireless networks which they find. Other people, who can be considered hackers, will look for wireless networks and then break into the networks. If a wireless is not secure, it can be fairly easy to break into the network and obtain confidential information. Even with security, hackers can break the security and hack. One of the most prevalent tools used on PDAs and Microsoft windows devices is, Network Stumbler, which can be downloaded at http://www.netstumbler.com. Equipped with the software and device, a person can map out wireless access points if a GPS unit is attached. Adding an antenna to the wireless card increases the capabilities of Wi-Fi. More information can be found at: http://www.wardriving.info and http://www.wardriving.com to name a few.

• War-chalking

  War-chalking is a method of marking wireless networks by using chalk most commonly. War-driving is usually the method used to search for networks, and then the person will mark the network with chalk that gives information about the network. Some of the information would include, what the network name is, whether the network has security, and possibly the contact information of who owns the network. If your wireless network is War-chalked and you don’t realize it, your network can be used and/or broken into faster, because of information shown about your network.

Eavesdropping & Espionage

Because wireless communication is broadcast over radio waves, eavesdroppers who just listen over the airwaves can easily pick up unencrypted messages. These intruders put businesses at risk of exposing sensitive information to corporate espionage. Wireless LAN Security - What Hackers Know That You Don’t www.airdefense.net Copyright 2002

Internal Vulnerabilities

Within an organization network security can be compromised by ways such as, Rouge WLANs (or Rouge Aps), Insecure Network Configuration, and Accidental Associations to name a few.

Rouge Access Points - An employee of an organization might hook up an access point without the permission or even knowledge of IT. This is simple to do, all a person has to do is plug an Access point or wireless router into an existing live LAN jack and they are on the network. One statistic in 2001 by Gartner said that, “at least 20 percent of enterprises already have rouge access points.” Another type of attack would be if, someone from outside the organization, enters into the workplace and adds an Access Point by means of Social Engineering.

Insecure Network Configurations- Many companies think that if they are using a firewall or a technology such as VPN, they are automatically secure. This is not necessarily true because all security holes, big and small, can be exploited. Also if devices and technologies, such as VPNs, firewalls or routers, are mis-configured, the network can be compromised.

Accidental Associations - This can happen if a wireless network is setup using the same SSID as your network and within range of your wireless device. You may accidentally associate with their network without your knowledge. Connecting to another wireless LAN can divulge passwords or sensitive document to anyone on the neighboring network. Wireless LAN Security - What Hackers Know That You Don’t www.airdefense.net Copyright 2002

Social Engineering - Social Engineering is one of the most effective and scariest types of attacks that can be done. This type of attack really scares me and can be done for many other purposes besides compromising security in wireless networks. A scenario: Someone dressed up as a support person from Cisco enters the workplace. The secretary sees his fake credentials and lets him get pass the front desk. The impersonator walks from cubicle to cubicle, collecting user names and passwords as he/she goes. After finding a hidden corner, which seems to be lightly traveled, he plugs an insecure Access Point into the network. At the same time he configures the Access Point to not broadcast its SSID and modifies a few other settings to make it hard for the IT department to find this Rouge Access Point. He then leaves without ever being questioned by anyone because it looks like he just fits in. Now, all he has to do is be within 300 feet from the access point, (more if he added an antenna), and now has access to all kinds of secure documents and data. This can be a devastating blow to any corporation and could eventually lead to bankruptcy if the secrets of the company were revealed to competitors.

Bruce Schneier came to my classroom and said the following about Social Engineering, “Someone is just trying to do their job, and be nice. Someone takes advantage of that by targeting this human nature. Social Engineering is unsolvable.”

Securing Wireless Networks

According to Bruce Schneier and others such as Kevin Mitnick, you can never have a totally secure computing environment. What is often suggested is to try and control the damage which can be done if security is breached. One can try many different tools on the market which can help prevent security breaches.

WEP - WEP supports both 64 and 128-bit keys. Both are vulnerable, however, because the initialization vector is only 24-bits long in each case. Its RC4 algorithm, which is used securely in other implementations, such as SSL, is quite vulnerable in WEP. Http://www.infosecuritymag.com/2002/jan/cover.shtml Wireless Insecurities By Dale Gardner. Different tools exist to break WEP keys, including AirSnort, which can be found at www.airsnort.net. Although this method is not a secure solution, it can be used to help slowdown an attacker if other means are not possible financially or otherwise.

VPN and IPSec- IPSec VPNs let companies connect remote offices or wireless connections using the public Internet rather than expensive leased lines or a managed data service. Encryption and authentication systems protect the data as it crosses the public network, so companies don’t have to sacrifice data privacy and integrity for lower costs. A lot of VPN’s exist on the market today. An important note about VPNs is, interoperability does not really exist, and whatever you use for your server has to be the same brand as your clients most of the time. Some VPNs include:

• Borderware

• BroadConnex Networks

• CheckPoint

• Cisco

• Computer Associates

DMZ - Adding this to your network enables you to put your wireless network on an untrusted segment of your network.

Firewalls - Firewalls are all over the place. Firewalls range from hardware to software versions. By adding a firewall between the wireless network and wired network helps prevent hackers from accessing your wired network. This paper doesn’t go into specifics about different firewalls and how to set them up, but there are many. Some of the firewalls include:

• ZoneAlarm (an inexpensive based software firewall) Zonelabs.com

• Symantec has many different firewalls depending what you require.

PKI - Public-key infrastructure (PKI) is the combination of software, encryption technologies, and services that enables enterprises to protect the security of their communications and business transactions on the Internet. What is PKI? http://verisign.netscape.com/security/pki/understanding.html

Site Surveys - Site Surveys involve using a software package and a wireless device to probe your network for Access Points and security risks.

Proactive Approaches

Since wireless technology is insecure, companies or anyone can take a proactive approach to try and identify hackers trying to gain access via wireless networks.

Honeypots - are fake networks setup to try and lure in hackers. This enables administrators to find out more about what type of techniques hackers are using to gain access. One product is Mantrap created by Symantec.

“ManTrap has the unique ability to detect both host- and network-based attacks, providing hybrid detection in a single solution. No matter how an internal or external attacker tries to compromise the system, Symantec ManTrap’s decoy sensors will deliver holistic detection and response and provide detailed information through its system of data collection modules.”

http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=157

Intrusion Detection - Intrusion Detection is software that monitors traffic on the network. It sounds out a warning if a hacker it trying to access the network. One such free product is Snort.

“Before we proceed, there are a few basic concepts you should understand about Snort. There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system. Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console. Packet logger mode logs the packets to the disk. Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set and perform several actions based upon what it sees.” http://www.snort.org/docs/writing_rules/chap1.html#tth_chAp1

Network Monitoring- Network Monitoring would be products such as snort that monitor the flow of traffic over the network.

Quick tips and tricks

• When setting up wireless networks and access points there are a few quick steps that can be taken to immediately secure the network, even though it does not make it secure. Some of these ways include:

• Change your default SSID: each router or access point comes with a default SSID. By changing this it can take longer for an attacker to know what type of device he is trying to hack.

• Change the default password - generic default passwords are assigned to access points and routers. Sometimes the password is admin. By changing this password, the attacker cannot modify settings on your router as easily.

• Disable broadcasting SSID: By default AP’s broadcast their SSIDs, if you shutoff this setting it is harder for outsiders to find your AP.

• Enable MAC filtering: WARNING: this can only work in smaller environments where a centralized access list does not need to be maintained. You can enable only specific wireless cards to access the AP by only enabling those MAC addresses.

• Turn off shares: If security is important, scanning for shares and turning off the shares on the network can help. Also encrypting sensitive data can prevent hackers from accessing the data.

• Put your wireless access points in a hard to find and reach spot.

• Keep your drivers on all wireless equipment updated. This helps patch existing security vulnerabilities.

• Read current press releases about emerging wireless news.

About The Author

Richard J Johnson

Network+ Certified

RJ Computer Consulting

http://rjcomputerconsulting.com

Richard@johnsorichard.com

Few years back, we never really imagined how memory storage would evolve into flash cards we know today. It is ever harder to believe that the tiny rectangular piece of plastic could store thousands of pictures, hundreds of songs, and even movies. Remember few years ago when storing files could mean we have to settle for 3.5″ and the outrageously large 5.25″? You know what I mean right? Those we have thought the future of memory storage- the floppy disks? With the amazing capacity to store as much as 1.44 MB of files, these floppy disks are really works of technology.

But as we all know technology would not stop to evolve. This is the reason why floppy disks are now the thing of the past. And as the years go by, we have received memory storage cards that are as size of post stamps. We even amaze old folks when we remove in from of them those tiny card out from digital cameras, cellular phones, and computers.

One of the earlier flash cards have the memory capacity not far from floppy drives. 2 MB is enough considering you have the reference point of 1.44MB. Shortly, the 4 MB came out. From then on, several more powerful, smaller, and larger storage flash cards came out. The 8, 16, 32, 64, and 128 MB came out. Up to now, the 128 MB flash cards are still being used although much higher memory cards are now in the market.

Today, several digital devices are using 1 GB, 2 GB, 4 GB, and even 8 GB and 16 GB flash cards. Those are the capacity of hard drives just year ago. While hard drives are as size of car stereo cut in half, flash cards can fit to your pocket just like having a penny. The benefits of flash cards could be seen more popularly on digital cameras where they can sit peacefully to the camera’s size. How about computers? Computers still use hard drives to store memory. And if you want some portable drives, the flash memory sticks are used. Like flash cards, they are small with large amount of memory capacity.

You might wonder how can a single tiny card hold such large files. Let us put it this way: your file cabinet could only store limited amount of files. And large cabinets are big. Big if you are going to store all these filed digitally, meaning using electronic codes, you can store as much files in one tiny storage just like the flash card. Another reason is that flash cards have removed unnecessary components that could enlarge the size of the card.

There are several types of flash cards used today particulry on digital cameras. These came in different sizes depending on the device it is designed to fit in. Here are several types of flash cards used: MultiMediaCard (MMC), Memory Stick (MS), CompactFlash (CF), Secure Digital (SD), SmartMedia (SM) and xD-Picture Card (xD).

The sizes also depend on the capacity of the flash card against one another. But the bottom line is, flash cards, no matter what the size is, still carry significantly large amount of files in one tiny square-shaped plastic card. Who knows, in the future we might se 80 GB flash drives that can record and store several hours of video.

Robert Thatcher is a freelance publisher based in Cupertino, California. He publishes articles and reports in various ezines and provides flash card resources on http://www.about-flash-cards.info.

Laptops are lovely. They are convenient, mobile, powerful and prestigious.

They are also thief magnets. Over 400,000 laptops disappear each year, leaving their owners wondering where they went, what is happening with their data and what to do next.

Some of the laptops are just lost - left in cabs, at hotels, restaurants and at conferences and events. Many of these laptops (but not all) find their way back to their lucky owners.

Some are stolen by people - many of them co-workers, service staff or people taking advantage of a “moment of opportunity” - who just want to have a laptop.

Some are stolen by professional “Laptop Lifters” who may work in teams to steal the laptops for resale.

And others are stolen, not for the laptop itself, which may be a bonus, but for the data on the laptop’s hard drive - financial or identity data or business plans or data.

For example:

• QualComm’s CEO had his laptop stolen while he was conducting a Press Conference. Reportedly, some of QualComm’s most valuable secrets were on that laptop, unencrypted and only protected by an easily bypassed password.
  
• A Department of State laptop containing high level information on nuclear proliferation was stolen right from State’s headquarters. Two administrators were fired and other personnel were reprimanded.

Think about it - What other piece of equipment or personal possession do we routinely carry around that is worth over a thousand dollars, by itself, and may be worth thousands more in data? Why wouldn’t that be attractive to thieves?

A large part of the problem is less on the hardware or software end of things, it’s in the HUMAN side of things. By raising our awareness many of the vulnerabilities can be greatly lessened.

There are 3 areas of vulnerability: 1) Securing the actual laptop, 2) Securing the Data, 3) Getting the laptop back.

1) Securing the actual laptop

There are many ways to control the physical security of a laptop.

There are cable locks that can be attached to an immovable object to make it more difficult to just pick up the laptop and walk away. Although these cables can be cut with a bolt cutter, some of them are combined with an alarm that will sound if the cable is cut.

Alarms or motion detectors are also available without the cable locks. They can be set to activate whenever the laptop is moved or when the laptop is moved a certain distance away from a pocket receiver that the owner has, which also alerts the owner.
www.anchorpad.com, www.kensington.com, www.computersecurity.com, www.pcguardian.com, www.trackitcorp.com, www.minatronics.com

Use a laptop carrying bag that does not look like a laptop case. Having a laptop case that says IBM or Sony is advertising that you are carrying a highly valuable commodity. Consider using a backpack with your laptop in it in a padded sleeve. One of the prime places for laptop theft is the men’s bathroom in airports and convention centers. Another prime place that laptops are stolen is at pay phones in a busy area.

Just as there are pickpocket teams, one of whom distracts you by “accidentally” bumping into you while the other steals your wallet, there are “Laptop Lifters” one of whom will accidentally spill something on you while the other walks off with your laptop. A good rule to follow is: any time there is a diversion near you, put your hand on your laptop.

People usually feel comfortable at conferences and conventions. After all, you are usually surrounded by your peers, and there are often convention staff around to provide security. Often the theft will take place on the second or third day, when IDs for entry are not being checked as stringently, and many of the attendees are NOT wearing their badges. Many times people will leave laptops unguarded on or under conference tables during breaks.

Even if it is not your laptop that is stolen, your PCMIA cards - modem or wireless connectors - can be stolen in an instant. Not only is this a loss of value, it’s also a real inconvenience.

It’s a good idea to engrave your company information prominently on the outside of the laptop and on its carrying case. It makes it less attractive to the thief, because it makes it easy to identify and makes it harder to sell. Having a large or conspicuously colored luggage tag securely affixed makes it less attractive because thieves like to be “invisible.”

You also should be sure to send in that little registration card that came with your laptop. Sometimes a stolen laptop will be sent back to the manufacturer for repair by the person who had innocently bought it from the thief. You may get your laptop back this way.

Don’t leave your laptop in your car. If it is visible, you may lose your laptop AND have to pay for the damage to your car. Rental cars are often the special target of thieves, especially at popular restaurants or shopping malls. Plus, the extremes of temperature (both hot AND cold), can either fry your laptop or freeze the LCD screen.

2) Data Security

Losing your laptop may mean you’ll have to shell out $1,000 - $3,000 for a new one. Losing your data can be MUCH more serious. Many people ONLY have a laptop, so ALL of their data is on it. Plus, most people don’t back up their data as often as they should.

Replacing the data can be a pain. But losing your PERSONAL data, including perhaps your Social Security number, PIN numbers, credit card info, etc can be a form of personal hell.

Here are the steps you should take:

Set a BIOS password. BIOS is the first program to load when you turn on your computer. Your laptop will not boot at all until that password is entered. Although there are ways to bypass this, (there’s all kinds of info on the ‘Net), it’s the first in several layers of security you can institute. (See http://www.lockdown.co.uk/?pg=biospsw&s=articles to see how to set a BIOS password).

Use the NTFS file system (assuming you are using XP). NTFS has strong encryption capabilities not available in FAT or FAT32. Here are a couple of articles that might help you decide: http://windows.about.com/od/filesfoldersdisks/l/aa001231b.htm http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/convertfat.mspx

Prevent data loss through your Infrared port. Do you actually use your infrared port? Do you even know if you have one? If you do have one, your computer can be hacked into all the way across the room! A simple way to disable it is to put a piece of black electrical tape across it. (It’s a little dark window, generally on the back of your laptop). Alternatively you can disable the infrared port completely. Because each laptop manufacturer has different steps, search on Google or Yahoo for “Disable Infrared Port” and add your laptop manufacturer’s name to the search terms.

Back up your data before you leave your office. That way, if your laptop is lost or stolen, you have not lost your files.

Consider keeping sensitive files off your laptop hard drive. A DVD can hold multiple gigabytes of data and can be carried in your pocket. A USB storage device is also quite handy.

If you are running XP Pro, your can encrypt your data using EFS (Encrypting File System), so it will be totally unreadable without the decryption key. If you don’t have the Pro version, you can purchase third party encryption software.|

3) Getting your laptop back.

So the worst has happened and your laptop has disappeared. Hopefully, you have your name and phone number on it somewhere, so it can be returned to you if it was just left in a cab.

If you’ve taken the right steps before it disappeared, there’s a fair chance you will get it back.

Here’s what you can do to increase the chance of getting it back:

There are software solutions that allow you to trace your laptop if it ever connects to the Internet. For instance, www.computrace.com/ will give you the IP address wherever your laptop logs on. The cost is under $50. Getting the police to go and recover your laptop is another story, however.

According to some reports, when the police cooperate, recovery is up to 90%!
All in all, the most effective preventative is user awareness. Reportedly, Arthur Andersen CPA firm not only has classes and posters on laptop (and other) security, but they also have roving security personnel who take unattended laptops, cell phones, purses and PDAs off of desks and other unsecure locations, leaving a note behind telling the hapless “victim” where to get their property back. Quite an education, and probably pretty effective in raising awareness!

© Steve Freedman, Archer Strategic Alliances 2005 All Rights Reserved

Steve Freedman
Archer Strategic Alliances
http://helpprotectmycomputer.com