
December 2011

Tips and tricks — Securing your systems quick and easy

By Samir Kapadia | Chartered Accountant
Introduction

Computers and computer networks are usually the heart and mind of any computer ecosystem, whether at your office or at your home. Generally, one tends to attach a lot more significance to the business ecosystem as compared to the ecosystem in one’s home and the common excuse is cost vs benefit analysis. Often the argument forwarded is that the data in the office is sensitive and therefore needs to be secured. This argument ignores the fact that the data at home is far more personal and any compromise there may well turn out to be a fatal error.

This article aims to give some quick, easy, do-it-yourself tricks for securing your computer, wireless networks and your phone.

For those of you who missed it... last month the BCAS had organised a free lecture meeting on ethical hacking. The speaker was Master Shantanu Gawade. A master not only because of the knowledge he possesses on the subject of hacking, computer programming, etc., but also because he is a tender 14 years of age. Shantanu’s presentation evoked mixed reactions of shock and awe. Most of the members present were shocked by the potential threats that they had inadvertently exposed themselves to, and in awe because of the skills and knowledge displayed by a precocious boy of 14 years. Those who were able to comprehend the dangers that lay ahead asked — how do we deal with this menace, how do we insulate ourselves? Shantanu was candid enough to say that there are no silver bullets to this problem and that prevention was one of the best answers.

While it would be difficult to address every single issue, there are a few ‘do-it-yourself’ steps that you can take to reduce the threats. This write-up summarises the steps that you can take:

  •  to check whether you have left your WIFI network unsecured; and
  •  to secure your WIFI network.

Those of you who were present during Shantanu’s presentation would instantly agree that the above would be a good starting point.

How safe is your WIFI network:

A WIFI network provides several advantages (no wires and no ugly holes in your wall are just two of them). A WIFI network allows a user to access the network without being tied to one particular spot. In other words, the user has the convenience of moving from his desk to another desk or conference room, etc. (at home, from your living room to any other room) and still be able to access the Internet or your server. WIFI signals can travel within the periphery (i.e., 360° of the periphery) of the router/access point up to a particular range. You may say “it’s a huge convenience” and your neighbour might say “a huge convenience to me also”.

An unsecured connection allows neighbours and strangers access to your Internet connection and possibly your home network. They could stream video over your connection, slowing down your own Internet access. If they have the skills, they may be able to search your hard drive for bank account numbers and other sensitive information. Even worse, they could do something illegal, such as hacking some critical infrastructure or downloading pornography, and make it look to the police as if you’re the guilty party. (You may recall that the cybercrime cell had traced some terror emails to the houses of gullible citizens with an unsecured network — exploited by trouble-makers.)

So how do you protect yourself from such threats? While switching off the network may be the easiest way, the proper solution would be to use WPA2 security. WPA2 offers considerably more security than the older standards, WEP and WPA, both of which can be cracked in minutes. WPA2 can also be cracked, but if you set it up properly, cracking it will take more of the criminal’s time than anything on your network is worth. Unless, of course, hacking networks is the criminal’s bread and butter, the sole purpose of the criminal’s existence.

Locking your WIFI network

Step 1 in this direction would be to check your router’s menus or manual to find out how to set up WPA2 protection. Once you have activated the settings the next step would be to lock down the same with a secure password.

If Step 1 fails, then to get started, you’ll need to log in to your router’s administrative console by typing the router’s IP address into your web browser’s address bar. Most routers use a common address like 192.168.1.1, but alternatives like 192.168.0.1 and 192.168.2.1 are also common. Check the manual that came with your router to determine the correct IP address; if you’ve lost your manual, you can usually find the appropriate IP address on the manufacturer’s website. Once you have found the appropriate IP address, first change the default password. Generally the default password is ‘admin’ or something similar provided by the manufacturer. Retaining the default password is very risky, because it is rumoured that there’s a public database containing default login credentials for more than 450 networking equipment vendors and there is a high probability that the hacker has already accessed it.

Though no password is foolproof, you can build a better password by combining numbers and letters into a complex and unique string. It is also important to change both your Wi-Fi password (the string that guests enter to access your network) and your router administrator password (the one you enter to log in to the administration console — the two may sometimes be the same) at regular intervals.

Step 2 is to change the Service Set ID (‘SSID’):

Every wireless network has a name, known as a Service Set ID (or SSID). The simple act of changing that name discourages serial hackers from targeting you, because wireless networks with default names like ‘linksys’ are likelier to lack custom passwords or encryption, and thus tend to attract opportunistic hackers. Don’t bother disabling SSID broadcasting; you might be able to ward off casual Wi-Fi leeches that way, but any hacker with a wireless spectrum scanner can find your SSID by listening in as your devices communicate with your router.

Step 3 is to enable WPA2 security:

If possible, always encrypt your network traffic using WPA2 encryption, which offers better security than the older WEP and WPA technologies. If you have to choose between multiple versions of WPA2 — such as WPA2 Personal and WPA2 Enterprise — always pick the setting most appropriate for your network. (Unless you’re setting up a large-scale business network with a RADIUS server, you’ll want to stick with WPA2 Personal encryption.)
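A quick way to check Steps 2 and 3 from a Windows PC is to review what the built-in `netsh wlan show networks mode=bssid` command reports for the networks in range. The Python sketch below is an added example, not part of the original article: it parses a constructed sample of that output (trimmed to the fields it reads) and flags networks that are open, use WEP or older WPA, or still carry a default name. The names `parse_networks`, `audit_scan` and every entry in `DEFAULT_SSIDS` other than ‘linksys’ are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of `netsh wlan show networks mode=bssid`,
# trimmed to the fields the check reads.
SAMPLE_SCAN = """\
SSID 1 : linksys
    Authentication          : Open
    Encryption              : None

SSID 2 : Flat-4B
    Authentication          : WPA2-Personal
    Encryption              : CCMP

SSID 3 : OldOfficeAP
    Authentication          : WPA-Personal
    Encryption              : TKIP
"""

# 'linksys' is the article's example; the other names are illustrative assumptions.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}

def parse_networks(text):
    """Return one dict per SSID block with its authentication and encryption."""
    networks, current = [], None
    for line in text.splitlines():
        line = line.strip()
        head = re.match(r"SSID \d+ : ?(.*)$", line)  # 'BSSID n' lines do not match
        if head:
            current = {"ssid": head.group(1), "authentication": "", "encryption": ""}
            networks.append(current)
        elif current is not None:
            key, _, value = line.partition(":")
            if key.strip().lower() in ("authentication", "encryption"):
                current[key.strip().lower()] = value.strip()
    return networks

def audit_scan(text):
    """Map SSID -> list of findings; networks with no findings are omitted."""
    report = {}
    for net in parse_networks(text):
        findings = []
        if net["encryption"].upper() in ("NONE", "WEP"):
            findings.append("open or WEP: switch to WPA2")
        elif not net["authentication"].upper().startswith(("WPA2", "WPA3")):
            findings.append("not WPA2: change the security mode to WPA2")
        if net["ssid"].lower() in DEFAULT_SSIDS:
            findings.append("default SSID: rename it")
        if findings:
            report[net["ssid"]] = findings
    return report
```

Save the real command output to a text file and pass its contents to `audit_scan` to review your own network's entry.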

Step 4 is to enable MAC filtering:

Every device that accesses the Internet has a Media Access Control (‘MAC’) address, which is a unique identifier composed of six pairs of alphanumeric characters. You can limit your network to accept only specific devices by turning on MAC filtering, which is also a great tip for optimising your wireless network. Running ipconfig will display your current network configuration. To determine the MAC address of any Windows PC, do the following:

  •  Open a command prompt: select Run from the Start menu, type cmd and press Enter. (Windows 7 users can just type cmd in the Start Menu search box.)
  •  Next, at the command prompt, type ipconfig /all and press Enter to bring up your IP settings; the MAC address is shown as the ‘Physical Address’ of each adapter.
  •  If you’re using Mac OS X, open System Preferences and click Network. From there, select Wi-Fi from the list in the left-hand column (or Airport in Snow Leopard or earlier), click Advanced... in the lower left, and look for ‘Airport ID’ or ‘Wi-Fi ID’.
  •  If you need to find the MAC address of a relatively limited device such as a printer or smartphone, check the item’s manual to determine where that data is listed.

Thankfully, most modern routers display a list of devices connected to your network along with their MAC addresses in the administrator console, to make it easier to identify your devices. If in doubt, refer to your router’s documentation for specific instructions.
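When several PCs have to be added to the router's MAC filter, the addresses can be pulled out of saved `ipconfig /all` output instead of being copied by hand. The Python sketch below is an added example, not part of the original article: it reads a constructed sample of that output, keeps only genuine six-pair addresses (tunnel pseudo-adapters report eight pairs), and returns the wireless adapters' addresses in the colon-separated form most router consoles accept. The function names and the sample adapter names are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of `ipconfig /all` (Windows 7 style).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : STUDY-PC

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example 802.11n Wireless Adapter
   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5F

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
"""

ADAPTER_RE = re.compile(r"^(\S.*?) adapter (.+):\s*$")
MAC_RE = re.compile(
    r"^\s+Physical Address[ .]*: ([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2})*)\s*$")

def physical_addresses(text):
    """Map adapter name -> (adapter type, MAC written as aa:bb:cc:dd:ee:ff)."""
    result, adapter = {}, None
    for line in text.splitlines():
        head = ADAPTER_RE.match(line)
        if head:
            adapter = (head.group(2), head.group(1))  # (name, type)
            continue
        mac = MAC_RE.match(line)
        if mac and adapter:
            pairs = mac.group(1).split("-")
            if len(pairs) == 6:  # skip 8-pair tunnel pseudo-addresses
                result[adapter[0]] = (adapter[1], ":".join(pairs).lower())
    return result

def wifi_allow_list(text):
    """Sorted MACs of wireless adapters only, ready for the router's filter."""
    return sorted(mac for kind, mac in physical_addresses(text).values()
                  if "wireless" in kind.lower())
```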


Step 5 is to limit DHCP leases to your devices:

Dynamic Host Configuration Protocol (DHCP) makes it easy for your network to manage how many devices can connect to your Wi-Fi network at any given time, by limiting the number of IP addresses your router can assign to devices on your network. Tally how many Wi-Fi-capable devices you have in your home; then find the DHCP settings page in your router administrator console, and update the number of ‘client leases’ available to the number of devices you own, plus one for guests. Reset your router, and you’re good to go.

Step 6 is to block WAN requests:

This is the last step. Enable the Block WAN Requests option, to conceal your network from other Internet users. With this feature enabled, your router will not respond to IP requests by remote users, preventing them from gleaning potentially useful information about your network. The WAN is basically the Internet at large, and you want to block random people out there from initiating a conversation with your router.

Once you’ve taken these steps to secure your wireless network, lock it down for good by disabling remote administration privileges through the administrator console. That forces anyone looking to modify your network settings to plug a PC directly into the wireless router, making it nearly impossible for hackers to mess with your settings and hijack your network. In case you find the above steps difficult to follow, please take the services of a professional and get it done before it’s too late.

Hope you have a safe computing experience. Cheers!
