Risky Business & What Can We Do About It?

We all want to be wireless. No longer are we content to be tethered to a desk, but we still want to be connected to the world. And now, with the proliferation of smartphones and netbooks we can work or play from anywhere we happen to be. Home wireless networks are becoming the norm. Even businesses are going wireless due to it’s cost effectiveness. Unfortunately, if proper safeguards aren’t put in place, the convenience afforded by all of this exciting technology can be quite costly.

Take TJX for instance. TJX owns such companies as T.J. Maxx, Home Goods, Marshalls, and AJ Wright. In 2005, TJX’s network was hacked leading to the theft of more than 100 million credit and debit card numbers belonging to consumers of the popular chains.

Because TJX employed an outdated encryption method, WEP, hackers were able to break into the network and remain undetected for over a year and a half. Find out more in the video below:

It is possible to see what kind of encryption method is being used through free software on your laptop or smartphone. I went to the Home Depot around the corner from my house to see how their network secured. Using my phone I was able to ascertain that they have at least three wireless networks:

‘orange12’

‘concrete’

‘rebar’

I’m also pleased to note that all three were locked with WPA2 encryption.

Here are some steps to take at home to secure your wireless data:

1. Change the default password used to access your router. Usually when you buy a router, the default password is admin or administrator and hackers know this.

2. Enable WPA or WPA2 encryption. This will allow you to set a password for users to use to gain access to the network. Here’s a screenshot of my wireless network properties window in Windows 7:

3. You may wish to enable mac filtering. This means you will specify which computers and devices have the privilege to connect to your network. Any that you have not expressly permitted will be denied access.

4. Don’t broadcast your SSID (Service Set Identifier). The SSID is the name used to identify your network.

This is by no means a definitive list. But it is a good start towards securing your wireless home network. For more information visit GetNetWise.



Souces:
http://www.cbsnews.com/stories/2007/11/21/60minutes/main3530302_page2.shtml?tag=contentMain;contentBody

http://spotlight.getnetwise.org/wireless/wifitips/

http://www.wptv.com/dpp/news/local_news/investigations/consumers-still-in-danger-of-getting-hacked

Information Security Awareness Contest

Well, the instructions for our final project of the semester are in! The assignment is to enter the "Information Security Awareness Contest". The contest is conducted by Educause.

 According to their website, Educause is a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology.

"The EDUCAUSE & Internet2 Higher Education Information Security Council (HEISC) is conducting its fourth contest in search of posters and short information security awareness videos developed by college students, for college students. The contest is sponsored by CyberWatch and the National Cyber Security Alliance (NCSA). Winners will receive cash prizes. The posters and videos will be featured on the EDUCAUSE website and may be used in campus security awareness campaigns. Winners will be notified in late April 2011."

 

My partner and I will be making a poster that will hopefully help educate people on the dangers of malware and how to avoid it. More details about the contest can be found here.

 

One of the sponsors of the contest is .CyberWATCH

.

  

Taken from cyberwatchcenter.org:

"CyberWATCH is a consortium of higher education institutions, businesses, and government agencies that is focused on building and maintaining a stronger information security/assurance workforce. In addition, CyberWATCH is committed to improving the quality and increasing the awareness of information security/assurance in the education and business communities. For more information: www.cyberwatchcenter.org. CyberWATCH is funded by the National Science Foundation."

Here's a sample of the information you'll find on CyberWATCH:

Don't Threaten Me!

So far in our CIS205 class, we’ve learned about viruses, worms and other forms of malware. We've learned about phishing scams, and how to protect ourselves from identity theft. We’ve also taken a look at bot nets and their armies of zombie computers.

The more we learn about cybercrime and how it is evolving, the more obvious it becomes that it’s impossible to eliminate all threats. We can only strive to mitigate them. ‘Black hatters’ will always be one step ahead of their ‘white hatted’ counterparts. Knowing this, it’s important to take every precaution we can and to utilize every resource at our disposal in order to mitigate the risks we endure in our online lives. We must take a layered approach to security.

Simple things like, running regular windows updates, and ensuring your firewall/anti-virus is updated with the latest patches and signatures can go a long way toward protecting us from those that would seek to harm us.

The video below shows a few more ways we can protect ourselves online: