Wireless Network Security

1. DON’T CALL ATTENTION TO YOURSELF

Each wireless device has a name, called a Service Set Identifier, or SSID. Any device that tries to hop onto the wireless party line must know this name. By default, most networks broadcast this name to make connecting easier — the equivalent of saying to the world “here’s my front door, it’s probably open if you want to try it.” That’s a good idea if you are Starbucks, and you want customers to breeze in and out of your network. It’s a bad idea if you don’t want Victor, the voyeur next door, to read your e-mail. Turn off the broadcast SSID function and you’ve won 25 percent of the battle. It means a hacker will have to guess your network’s name to get in.

2. CHANGE YOUR NAME

Now, make guessing that name much harder — change it. Wireless network vendors ship their products with SSID names set to obvious defaults. For example, the popular LINKSYS product uses the name “linksys” as its SSID, until it’s changed. Hackers know this, and wander round town using programs with names like “Netstumbler” to see who’s leaving their data up for grabs. If they detect you’re using a Linksys card, they may attempt to connect to your network by trying the linksys SSID. Take another moment to change the default, and you’re halfway there. If you change your SSID every few months, you’re more than half way home.

3. SCRAMBLE YOUR DATA

Thanks to days gone by when the various brands of wireless devices didn’t play nice with each other, manufacturers decided it was best to turn off encryption when their products were sold. That solved some of the incompatibility problems, but it created the big problem we have today — namely, that when Victor the neighbor hops onto your network, he can read your e-mail because it flies around your house in plain text. But nearly all devices have an option to scramble the data using an encryption tool called WEP — Wired Equivalent Privacy. WEP works, and will almost certainly make Victor give up his casual digital voyeurism.

But the bad news is, WEP isn’t fool proof. If Victor is a serious hacker, with the right motivation, the right tools, and free time on his hands, he can decipher your encryption key and unscramble your e-mail. That should certainly give wireless users pause, but the news isn’t as bad as it sounds at first, says Nigel Ballard, Director of Wireless for Matrix Networks in Portland, Ore.
“It takes an extremely determined, socially maladjusted individual to sit outside your house for hours on end,” to decipher the data, said Nigel Ballard, Director of Wireless for Matrix Networks in Portland Ore. “If he’s parked outside your house, there’s so little traffic going over your access point, he may have to sit out there solidly for a day and a half. And if he wants to see your e-mails that badly, I suggest he just break a window.”
That’s why using WEP only gets you three-quarters of the way there.

Computer security for the home user has become an important topic. Preventing and detecting unauthorized use of your computer can protect you and your identity from an intruder. We now use computers for many financial and personal communications.

Unfortunately, it is very easy to break into an unprotected computer. Like your car, there are ways to increase the security level of your computer. There are numerous products on the market designed for protection.

A Firewall is a product designed to prevent many types of attacks to your system. There are two basic types, Hardware and Software. The Hardware or Network Firewall is a physical device that is placed between your Internet connection and one or more computers. The Software Firewall is a program that will reside on your computer and keep the casual intruder from breaking in. The latest version of Windows comes with a built-in Firewall. It is not activated by default, and must be turned on. There is also a log that can show you who is attempting to access your computer; whether it is authorized or not.

One of the biggest vulnerabilities is Windows itself. There are constant security updates released. Using the built-in Windows Update feature will help protect you from many security breaches that are discovered by intruders.

Some other easy preventive actions include keeping your computer turned off when not in use, ignoring and deleting unknown E-mail, and backing up your most critical data in case of a problem. While most users do not regularly back up their data, it is very important to at least back up data that can’t be recovered with your original software CD’s. CD writers and ZIP disks have made this task easier, but even the old floppy diskettes can be used. For help with security and intruder prevention, call PCTech Solutions.

You ARE at Risk

One of the most troubling aspects of using a computer today is the risk of viruses, worms, and Trojan horses. A virus is a computer program that is designed to spread itself from one file to another on a single computer. A virus will not intentionally spread itself to another computer. That’s where we come in. By sending an e-mail with an infected attachment, the virus is sent to an unsuspecting user without your knowledge.

Worms are also computer programs, but unlike viruses, do not need human interaction in order to spread. The computer worm is designed to copy itself from one computer to another via E-mail. Once the worm has infected your computer, it will use your address book to send anonymous E-mails, with the worm attached, to everyone that is in your address book.

A Trojan horse is a program that appears to serve some useful purpose, but hidden within is a destructive program, virus, or worm. For example, last November, a Trojan named Trojan.Zasil was spread via E-mail with the subject “free video”. The Trojan can do no harm unless it is opened or launched.

The best protection from these destructive programs is to install antivirus software on your computer. Most computers that you buy today will have this software already installed. The software is relatively inexpensive, and there are numerous reputable companies that provide it. It is most important to not only use the antivirus software regularly, but to also update it. New viruses come out daily, and the antivirus companies send out updates as soon as they can. Renewing the yearly license is critical to the virus updates. Once the license expires, the virus scan will still run, but there will be no protection from any new viruses. Some of the worms that have been released actually disable antivirus software, or prevent you from even installing the software. There are ways around this; however, the risk of losing critical files increases significantly.

A virus, worm, or Trojan horse can cause your computer to act differently. You may notice a significant speed decrease, or as the destruction spreads, it may cause programs to work improperly or even stall your computer. In some cases, you may even notice that the hard drive sounds different.

Stress Free Computing

If your homepage has been switched, you have a “new” toolbar, or your computer always pops up advertisements, you are most likely infected with spyware.

“Spyware” or “adware” are typically defined as software that tracks computer users’ actions and history. It is also used to pop up advertisements and random messages without permission. Some types of spyware allow the software to “hijack” your browser and force you to specific websites. The spyware on your computer will track which websites you visit, how often you visit, and what you do while at that site. A typical computer that is unprotected can have hundreds or thousands of spyware infected files.

Like viruses, spyware is easily downloaded unnoticed and can hide in places that most computer users won’t find. Many of these programs come quietly attached to legitimate software that you download.

There is currently legislation proposed to combat spyware, but there are issues with legitimate advertising that must be addressed before any changes are made. This legislation would bar companies from installing software that reports its users’ actions, sends any personal data to other companies, or uses any pop up ads without permission.

Some reputable anti-spyware programs such as Ad-Aware or Spybot work very well to combat spyware. There are other less known programs that are unproven or even unsafe. The latest versions of anti-virus programs now are programmed to find and eliminate spyware. It is extremely important that the software is kept up to date and run regularly.

A well maintained computer takes some effort, but once the routine is set up, you can protect yourself from intruders and malicious software. For help eliminating spyware, or any of your computing needs CONTACT US.

Controlling Spyware and Adware

Click on an intriguing ad, and a barrage of pop-up windows floods your screen. Run what looks like a legitimate adware scan, and your browser never acts the same, redirecting you to all manner of unsavory Web sites. Install free software without reading the license agreement, and the next thing you know your computer slows to a crawl—possibly due to the cumbersome software now tracking your online movements. Welcome to the mystifying world of spyware and adware. Often annoying and sometimes hazardous, these security risks have become an all-too-common part of our online lives. And they’re only becoming more widespread.

So what exactly is spyware, and how is it different from adware? What sort of harm can these programs cause? Is there anything you can do to avoid them? These are all good questions. And despite the confusion often surrounding these technologies, each question has an equally good answer.

Is it spyware, adware, or simply unwelcome?

There is some debate—even among security experts—over the definition of spyware. However, most spyware programs share a few distinguishing characteristics. A kind of information gathering software, spyware may find its way onto your computer without your knowledge or permission. It ordinarily runs in the background, collecting information or monitoring activity, and it can relay that information to some other cyber-location. A lot of spyware harvests information related to your computer and how you use it. For example, it may monitor your Web browsing patterns or the kinds of software you’re running. More sophisticated forms of spyware have been known to capture and transmit highly personal information, from passwords and user names to credit card numbers and instant messages.

Adware is slightly different than spyware. Although it may also run without your consent or knowledge, adware programs are more intent on displaying advertising content on your computer. Often using pop-up windows, adware programs flash advertisements and links to other Web sites. Many of these ads tout legitimate products, and adware is more often an annoyance than a security risk. You may even find the information it presents useful. Some adware also monitors your browsing activities and then uses that information to deliver more focused advertising content. Again, this might be considered a positive thing. It all depends on how you perceive targeted marketing. Some people find it disturbing, or even an invasion of privacy.

In the end, the question becomes, what is the main purpose of the program. If the program installs itself on your computer so it can capture private information, it’s spyware. If the main purpose is presenting ads or routing you to a commercial site, it’s adware. Of course, what you call the software doesn’t really matter; the most important question is whether you want it on your computer. If it compromises privacy and security as you define it (or at a minimum, becomes an nuisance), then it falls squarely in the category of unwelcome software. And that means you need to learn how to deal with it.

How harmful can it be?

While a lot of spyware and adware programs are fairly harmless, some spyware puts your privacy, data, and identity at risk. These programs employ clever, highly sophisticated methods to get at your most private information. For example, some spyware uses a special kind of software to capture every keystroke you make. That means the content of your emails and instant messages, your log-in names and passwords, even your diary entries, are fair game. With these kinds of tools at their disposal, identity thieves and other online criminals have begun using spyware to perpetrate fairly elaborate frauds. Some have even gone so far as to use sham antispyware software to slip their own spyware onto unwitting users’ machines.

It’s clear some kinds of spyware are more than a nuisance. However, that’s not to say their more benign cousins aren’t also a serious problem. Programs that constantly launch pop-ups are maddening. And some spyware and adware, working busily in the background, can dominate your system’s resources, sometimes bringing down your entire system. While a slow machine is annoying for anyone, it’s especially hard on home office users—creating the kinds of performance issues a small business just can’t afford. So, whether they pose security risks or performance headaches, it’s imperative to keep these unwanted programs off your computer.

Where does it come from?

So, how does this unwelcome software find its way onto your computer? It can happen in a number of ways. Often it gets installed along with other programs you’ve loaded. Of course, there’s probably some sort of notification within the software’s licensing agreement. However, these agreements tend to be quite long, and most us don’t read them in their entirety. In a typical scenario, spyware or adware gets bundled with freeware you download from the Internet. While some see this as a fair tradeoff (you get free software; they get to observe your habits), others find it deceptive and invasive.

Meanwhile, a lot of unwelcome software makes its way onto your machine as you surf the Web. Often called drive-by downloads, unscrupulous adware and spyware programmers use pop-up windows, ActiveX® technology, and Web browser security holes to install information-gathering software without your knowledge or consent. In many cases, they get you to trigger a download by clicking on a pop-up window or fake dialog box. Some of them even design windows which contain an urgent or enticing message. It might offer a free gift or claim you need to download some software to see a Web page. The window often presents what appears to be a yes or no choice. In reality, if you click anywhere on the window, it will download spyware or adware to your computer. In general, downloading unwelcome software requires some action (or inaction) on your part. That’s good news, because it means you retain a fair amount of control.

How do you avoid spyware and adware?

A lot of unwelcome software ends up on your computer in part because of something you did or did not do. Knowing this, it’s important to take a careful approach to surfing and other online activities. The following practices can reduce the likelihood of inadvertently downloading unwanted spyware and adware:

Be selective about what you download to your computer. If you don’t have a reason to trust the company providing a piece of software, hold them to increased scrutiny. Visit their Web site to learn more about the people behind the technology, as well as the technology itself.

Read licensing agreements. Don’t just scroll to the bottom and click the “I accept” button when installing freeware. Instead, read each agreement carefully and look for language pertaining to information-gathering activity.

Watch out for antispyware scams. The Web is rife with “antispyware” tools that do little or nothing to prevent spyware. Some even make it worse. Purveyors of these tools often provide free scans, which almost invariably identify hundreds of spyware programs on your computer. They then immediately ask you to buy their bogus product.

Beware of programs—especially freeware—that flash clickable ads in the user interface. Their presence is a red flag, and it’s possible someone is watching how you respond to them.

Keep your Internet browser up to date. Because browser security holes are a common pathway for spyware and adware downloads, it’s important to apply any and all security patches when they become available for your browser.

Disable ActiveX unless you really need it. ActiveX is a common tool for installing spyware without your knowledge or consent, and you can always turn it back on should a trusted site require it.
These recommendations go a long way toward reducing the amount of unwelcome software on your computer. However, even the most vigilant users can’t stay on top of everything. That’s especially true as the methods of spyware distribution continue to evolve, taking on ever more sophisticated guises. Fortunately, despite the widespread existence of fly-by-night antispyware vendors, it’s possible to get effective spyware protection tools from trusted security experts.

When choosing an antispyware tool, it’s important to remember spyware and adware don’t operate in a vacuum. In fact, some of the most dangerous and sophisticated Internet security threats use other, more malicious tools in combination with spyware. These multi-dimensional threats require multi-dimensional defenses. That’s why Symantec has developed Norton Internet Security™ 2005 AntiSpyware Edition. While continuing to offer firewall security, virus protection, spam prevention, and privacy controls, it also automatically detects and removes spyware and adware known to be a security risk. When it detects less hazardous spyware or adware, it prompts you to make a decision. That way, you control what gets in, what stays out, and what remains on your computer.

In the end, that’s the only way to get a handle on unwanted, uninvited software: by taking control. Spyware and adware aren’t going away anytime soon, and you need to take charge of the situation, making informed decisions based on your preferences. Controlling spyware requires a new kind of savvy and a new set of tools. Fortunately, the tools are out there. The rest is up to you.

© 1995-2005 Symantec Corporation.
All rights reserved.

Contact Us

Scroll Up
free
hit counter