Here is how I configure a wireless router every time I setup a wireless network.

Change the Default Administrator Username and Password
Firstly, this is just good practice for ALL hardware and software. The default passwords are easily obtained and because so many people do not bother to take the simple step of changing them they are usually what hackers try first. Changed the default password on the router to a complex one.

Disable SSID broadcast
Service Set Identifier (SSID) is a name used to identify a wireless network.  Though disabling SSID broadcast does not provide in-depth security, it does help protect from worms, viruses that spread by scanning for broadcast SSIDs. Also, it acts as a first level of protection against casual wireless network scanners.

Note: SSID broadcast needs to be enabled every time a new client needs to connect to the network. Though MS Windows has an option to say “Connect to the network even if it is not broadcasting”, it does not connect the first time a client is configured to connect to the wireless router. Once configured a client will automatically connect to the wireless network even when the SSID is disabled.

Restrict access by MAC address
My friend uses a laptop and desktop at home.  Configured the router to allow *only* the MAC addresses of this laptop and desktop to connect to the network.

Use WPA2-PSK encrytion
Obiviously, did not want to use WEP for its weaknesses. WPA2-PSK is the best available option and has Advanced Encryption Standard (AES) . WPA2-PSK stands for Wifi Protected Access version 2 – Pre Shared Key.  Configured a tough to guess or crack network key.

Note: If you use Windows XP with SP2 on it, chances are that WPA2 support might not be available on it yet. Install the Microsoft Patch KB893357 to have Windows XP support WPA2.

Disable default remote administration settings
Restricted the wireless router admin console to be  accessed only from IP address of the Desktop (through the wired connection) .

What other steps do you usually take to securely configure a wireless network?

But it is a good move with Gmail to be the first webmail to have the entire site HTTPS encrypted. Looks like, Google had to upgrade their servers to provide better performance. I did not find any decrease in speed with the HTTPS site. A thumbs up for Gmail.

Read about the official annoucement here

Here is the complete article.

Any discussion on network security is never complete without the mention of firewalls. If we were to ask people whether their network is secure, the answer would probably be “Yes! we have firewalls installed on our network”. Having firewalls, those properly configured help secure ones network resources. Firewalls are not the only things that ensure complete security. In recent times, firewalls for home PCs and standalone computers connected to the Internet have been introduced by various antivirus and network security companies. These are called personal firewalls.

The reasons for having a personal firewall on your desktop at home:

• With more individuals at home using high speed Internet connections like Cable or DSL (Digital Subscriber Line); hackers have more time to explore the vulnerabilities in these computers and get unauthorized access.

• Nowadays, computers at home are not restricted for use as in playing games and listening to music but also to shop online. Vital information – like credit card numbers are sent through the internet and it is possible for an attacker to have a Trojan (a program that runs stealthily) installed in the computer and send all the typed keys to his email. So, home computers make a good target for hackers.

• Individuals at home are more susceptible to attacks because they use different chat tools like IRC, messengers like ICQ that are vulnerable. These tools reveal a lot about ones computer network like IP addresses. Also, receiving files through these tools from an unknown person exposes the computer, since a direct connection between the sending and receiving computers is established. Therefore, there is no program which can scan the file before it is received. This is where a firewall helps.
• If a home computer does get attacked, most of the victims will not know how to react to it or to plug the holes in their systems.

What is a Firewall?

The term ‘firewall’ is actually borrowed from the construction industry. It is a wall built of fire-retardant materials, designed to prevent or slowdown the spread of fire from one room to another. A firewall acts as an obstacle that protects against a disaster. In the network world, a firewall performs a similar function by acting as a barrier between the trusted zone (your computer or network) and untrusted zone (another network or the Internet). Firewalls are typically installed at the perimeter of a network. They provide a single point for data to enter and leave the network where security rules are imposed. These security rules typically define what type of data should enter and leave the computer by blocking what is not required.

For example, all you do from your PC is browse a few websites without downloading any programs or files like mp3s. You can just allow HTTP (Hypertext Transfer Control Protocol) data to leave your network. If you try to upload or download files using FTP (File Transfer Protocol), it gets blocked at the firewall. Any incoming connection to your computer can either be blocked or monitored (filtered) using a firewall. With some firewalls, you also get a prompt every time an application tries to connect to the internet or somebody tries to connect to your machine. This prompt will ask for your permission to allow this connection or not. This is very helpful to find out if Stealth programs like Trojans, key loggers or worms are running and sending information out to the attacker.

There are several commercial personal firewalls from companies like Symantec, McAfee etc. Some of them are available for a free download and can be used for a short period of time. Zone Alarm from ZoneLabs (http://www.zonelabs.com) is a freely downloadable firewall, which has no time or feature restrictions. It comes with pre-configured firewall rules and has many more features than some of the other commercial personal firewalls. Configuring the firewall is as easy as using a slider. You can use the slider to change the level of security you prefer.

It can remove or restrict access to all the shares in your PC, hide your IP address and other details from outsiders. In addition, it has other features like alerting when the system blocks an intrusion attempt. ZoneAlarm also displays the IP address of the machine from which the intrusion attempt came from. So, you can track the intruder down and report it to his/her ISP. Furthermore, you can also provide permission to only those programs that should access the Internet.

But I found one interesting point made about most commonly used passwords. According to the movie, it is “love”, “secret”,”s**” and “GOD”. Of course, this movie is almost 15 years old.  Things have changed since then and so are the passwords.

There is a good article with stats on real world passwords on Bruce Schneier’s blog here . Check it out.

A malicious hacker trying a dictionary attack would use a password dictionary that has much more than just 370 passwords.

Instead,  I would have liked to see twitter stop accepting passwords that is not complex ( a password less than 8 characters long, has a CAPITAL and a special character). Right now, it does show a password rating during signup but it accepts passwords other than the “too obivious” ones.

OR

Have twitter use two-factor authentication like WikID

Ofcourse, this leads to the same old argument on choice of  “easy to use” or “more secure”.

However, this is required by my registrar (GoDaddy) to contact me periodically. Ofcourse, there is a paid solution from the registrar itself to make  a private domain registration. But, I was wondering if there was a free and simple solution.

After some google search and quite a bit of reading found a simple but effective service called myprivacy.ca

What does myprivacy do?

1. Provides an email id with a @myprivacy.ca domain. Emails to this ID will be forwarded to your valid email ID.
2. Allows  (with no filtering)  any email from The Canadian Internet Registration Authority (CIRA) and a set of  participating ICANN Registrars.
3. Everyone else gets a simple challenge email.  The sender needs to respond with a reply to this email. This happens for the first email that a sender sends to you.  Once you approve the sender, that email ID is whitelisted.

Whats more, you can have a whitelist of email IDs or domains you want to allow without sending a challenge email. This helped me as GoDaddy is not in the list of participating ICANN registrars. I had to just add its domain name in my whitelist.

That’s it! Simple and easy. Though, I am using this to block spam from originating from whois information this can be used for general purpose (private) email too.

So, how are you protecting protecting yourself from SPAM? Do you know of a better solution than this which is free?

Send in a comment in this post or send a tweet as @r_prathap in it.

I was asked by couple of my friends questions like:

1. What does it mean for facebook users?
2. Do I need to stop using facebook?
3. Is Orkut any better?

Reading the privacy policy, the major cause for concern is that Facebook allows search engines to index your profile pages.

So should you stop using facebook? YES, if you can . If not, following the below guidelines can help reduce the risk upto an extent.

• Review your privacy settings on facebook
• Set everything in there to be viewed by “only friends”
• Do not “Accept” any friends unless you know them

More detailed information and how to better configure privacy settings are here 10 Privacy Settings Every Facebook User Should Know

Lastly, go watch this video and know for yourself how your information on facebook can be used by fraudsters.

Let me know what you think.