Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Wireless tip: Don't hide from risk

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Wireless tip: Don't hide from risk
Date: Fri, 24 Sep 2004 02:35:07 -0500 (CDT) 
http://www.fcw.com/fcw/articles/2004/0920/web-wireless-09-23-04.asp

By Michael Hardy 
Sept. 23, 2004

The best wireless network security is to not have a wireless network,
according to Defense and intelligence experts who spoke today at a
conference in Washington, D.C., sponsored by E-Gov, which is part of
FCW Media Group.

But because that is not always a practical solution, they offered
other tips to keep intruders out of the network and to keep data safe.

Perhaps the most important safety precaution is acknowledging the
risk, said Kevin Marlowe, acting director of systems network
engineering at the Joint Systems Integration Command, a subcommand of
the U.S. Joint Forces Command.

"Calculate the risk, figure out whether you can accept that risk and
mitigate it," he said.

"Risk doesn't have to be zero for us to use a product," said Timothy
Havighurst, a systems architect at the National Security Agency.  
"Sometimes the convenience of these systems outweighs the risks."

No wireless device or network can ever be completely secure, said Atul
Prakash, a professor at the University of Michigan's electrical
engineering and computer sciences division.

Ask a vendor representative if a product is completely secure, he
said. "If they say yes, you're probably talking to a marketing guy or
a salesman," he said. "If you're talking to a security expert, they
will hedge."

Agency officials must deal with the real world of commercial
technology, Havighurst added. "Soon you will not be able to buy a
laptop without" wireless connectivity, he said. "Soon you will not be
able to buy a [wireless] phone without a camera. These are things we
disallow, but industry is moving on."

Agency employees sometimes push their bosses to move faster in
technology adoption, he said. When managers set a policy forbidding
some wireless devices, employees will often argue that operational
need justifies changing the rules.

"Sometimes those are legitimate reasons," Havighurst said. "Sometimes
they're not. Sometimes they just want something because it's really
cool."

Marlowe offered a list of tips for making wireless networks safer,
including:

* Change factory settings in the routers. Hackers know the common
  default passwords and other information that makes intrusion easy if
  they're not changed.

* Enable the router's session timeout feature so that if no data
  passes through it after a set period of time, it shuts down.

* Set routers to the lowest feasible power, so they keep the network
  devices connected without opening the door wider than necessary.



_________________________________________
Donate online for the Ron Santo Walk to Cure Diabetes - 
http://www.c4i.org/ethan.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Wireless tip: Don't hide from risk, InfoSec News <=
Previous by Date:  [ISN] Microsoft: To secure IE, upgrade to XP, InfoSec News
Next by Date:  [ISN] For an infosecurity career, get the technical basics first, InfoSec News
Previous by Thread:  [ISN] Microsoft: To secure IE, upgrade to XP, InfoSec News
Next by Thread:  [ISN] For an infosecurity career, get the technical basics first, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]