How to Protect Your Home Wireless Network?

Hackers and cybercriminals are interested in hacking Wi-Fi networks. It is much easier for them, since they just need a Wi-Fi adapter and don’t need to connect their device to a physical cable. With the right tools and the right skills, they could use a laptop, a tablet or even a mobile phone to hack into a wireless network. Here are some tips that we, as home users, can follow to protect ourselves against wireless hacking.

Encryption Protocol and Passwords: There are protocols for encrypting connections, such as WEP and WPA. If you look at the encryption settings in your modem, you can see which ones are supported and which is more secure; normally WPA2 is more secure than WEP and WPA. The enterprise standard uses digital certificates, which is more secure, but as a home user you might need the simpler and cheaper method of encryption, which is a password. You should look at your modem’s specification, see which standards are supported and use the most secure one. You also need to select a strong password. It should be long and complex. Normally, I suggest creating a long and complex password, saving it in a Notepad file on a flash drive, pasting it into your connected devices and saving the password there. It is a good idea to change your password regularly, at most every 90 days.

Number of Connected Devices: On some routers, you can set the maximum number of connected devices. In this case, count how many devices connect to the router and set that as the maximum. So, let’s say you connect 6 devices to the Wi-Fi router at the same time: if someone else tries to connect, the connection will be rejected (unless fewer of your devices are connected at that time, e.g. 5 devices).

MAC Address Filtering: The MAC address is the physical address of a device. On some routers you can set up MAC filtering, where you enter the MAC addresses of the devices that connect to the router and set a rule to accept only devices that match those addresses and reject the rest.

Hide SSID: If you have used Wi-Fi, you have probably seen that when you turn on Wi-Fi, you see the names of access points. These names are their SSIDs. On some routers you can hide this name, so when you turn on Wi-Fi you won’t see the name of your access point; you have to type it manually and then you will be asked for the password.

Guest Wi-Fi: Let’s say someone is visiting you and you want to grant him or her access to your Wi-Fi. Some Wi-Fi routers have a guest account; normally you should leave it disabled and enable it only when a guest is coming. This account places some restrictions on the guest user and protects your own internet access, and you can set limits such as the amount of time the guest is allowed to use Wi-Fi or a bandwidth limit.

Router Login Page: To make any changes to the router, you have to log in to the router’s page. It is recommended to change the default username and password for this login. Some routers can be set to allow access only through the LAN and block access from Wi-Fi; make sure you set this option. In addition, you should grant access only from the local network and block remote access. This basically means you can change router settings only when you are physically connected through a direct LAN connection.

Reduce Signal Frequency: The methods above are a great help in stopping hackers: hiding the SSID hides your router from cybercriminals, MAC filtering blocks external devices from accessing the router, and a strong password stops bad guys from hacking your router. However, hackers are always working on ways to bypass these, and there is one way in which no one can hack into your router unless they are close to it: setting the frequency of the connection. When you reduce the frequency of the signal, you can connect to your router only when you are within range, that is, close to your router. It is recommended to place your router in a location where you get a signal inside your home but cannot get a signal outside it. In this case, someone can connect to your Wi-Fi only if he or she manages to get into your home.

It is also recommended to enable Wi-Fi logging and check the log files regularly for suspicious activity.
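One way to do this review, as an added example that is not part of the original post: the script reads router log lines, compares connecting devices with the list of your own MAC addresses, and flags unknown devices and repeated wrong-password attempts. The log format (modelled on hostapd event names), the sample lines and the MAC addresses are constructed assumptions; adjust the pattern to your router's log wording.

```python
import re
from collections import Counter

# Constructed sample log in a hostapd-like format (assumption: real router
# logs are worded differently, so EVENT_RE must be adapted to yours).
SAMPLE_LOG = """\
May 20 21:14:02 router hostapd: wlan0: AP-STA-CONNECTED a4:5e:60:11:22:33
May 20 21:15:40 router hostapd: wlan0: AP-STA-CONNECTED 3C:22:FB:AA:BB:01
May 20 23:40:11 router hostapd: wlan0: AP-STA-POSSIBLE-PSK-MISMATCH 02:1a:9f:00:be:ef
May 20 23:40:15 router hostapd: wlan0: AP-STA-POSSIBLE-PSK-MISMATCH 02:1a:9f:00:be:ef
May 20 23:40:19 router hostapd: wlan0: AP-STA-POSSIBLE-PSK-MISMATCH 02:1a:9f:00:be:ef
May 21 02:03:55 router hostapd: wlan0: AP-STA-CONNECTED 02:1a:9f:00:be:ef
May 21 02:30:00 router hostapd: wlan0: AP-STA-DISCONNECTED 02:1a:9f:00:be:ef
May 21 07:12:09 router hostapd: wlan0: AP-STA-POSSIBLE-PSK-MISMATCH a4:5e:60:11:22:33
"""

# Your own devices: the same list you would enter for MAC filtering (constructed).
KNOWN_DEVICES = {"a4:5e:60:11:22:33", "3c:22:fb:aa:bb:01"}

EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?"
    r"(?P<event>AP-STA-CONNECTED|AP-STA-DISCONNECTED|AP-STA-POSSIBLE-PSK-MISMATCH)\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\b"
)


def parse_events(log_text):
    """Yield (timestamp, event, mac) for each recognised line; skip the rest."""
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            yield m["ts"], m["event"], m["mac"].lower()


def review_log(log_text, known_devices, max_failures=3):
    """Return (timestamp, mac, reason) findings worth a closer look."""
    known = {mac.lower() for mac in known_devices}
    failures = Counter()
    findings = []
    for ts, event, mac in parse_events(log_text):
        if event == "AP-STA-POSSIBLE-PSK-MISMATCH":
            failures[mac] += 1
            # Report once, when the threshold is reached; a single typo is ignored.
            if failures[mac] == max_failures:
                findings.append((ts, mac, "repeated-wrong-password"))
        elif event == "AP-STA-CONNECTED" and mac not in known:
            reason = "unknown-device-joined"
            if failures[mac]:
                reason = "unknown-device-joined-after-failures"
            findings.append((ts, mac, reason))
    return findings


if __name__ == "__main__":
    for ts, mac, reason in review_log(SAMPLE_LOG, KNOWN_DEVICES):
        print(f"{ts}  {mac}  {reason}")
```

A finding for a device that joined after several wrong-password attempts is the case that most deserves a password change and a look at the connected-device list.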

Have a safe Wi-Fi connection.

 


Updates Vaccinate Your PC against Ransomware

After the recent ransomware incidents, I received several messages from users who are very worried about the current incidents and about future malware. I tell them one thing: you don’t need to be a super-duper computer expert to protect yourself. The only thing you need to do is update your PC and your anti-malware software, and nowadays that is as easy as staying connected to the internet, so that you get the latest updates. For example, in Windows 10 with the default settings, you just have to connect to the internet and Windows will protect you by updating Windows and Windows Defender automatically. If you have any other anti-malware software, normally it also gets updated automatically. PCs which have been infected with ransomware, and those getting infected right now, face this problem because they are not updated. Updates act like a vaccine against malware, and updates can detect and remove it. If you really care about security and protecting yourself against malware and ransomware, then make sure you update Windows, your anti-malware software and everything else.

In general, security researchers all over the world are trying to find new threats and ways to detect and remove them, and if there is other malware similar to what has been detected, they create ways to detect unknown but similar malware. Their efforts at detecting and removing this malware are released as definition updates through the update mechanism. On the other side, security engineers in the Windows team also research new and unknown threats and vulnerabilities in Windows, attempt to fix these vulnerabilities and mitigate possible future ones, and release security fixes through Windows Update.

 

What is Microsoft Security Compliance Manager?

Managing security in a company is a complicated task. In a Windows environment there is a very nice feature known as Group Policy, which lets you take control of managing your IT environment. You can set basic things, like forcing users to change their password every three months, or handle more complicated tasks, like blocking a certain version of an application from running or disabling certain settings in Windows. There is no doubt that Group Policy in Windows is very powerful, but many IT professionals are not sure how to configure it to comply with best practices in the security industry. If a company is required to follow best practices in IT security, it can achieve this with Group Policy, but its staff are not sure which policies they should set. In this case, they need to go through security best-practice documents, figure out what each policy is about, then open Group Policy, look for the Group Policy Object and set that specific policy there. This is a time-consuming and difficult process, and for these reasons many IT professionals just set up basic security policies, like the ones for user accounts, and leave it at that. Fortunately, Microsoft has released a tool which makes it a lot easier to adopt security best practices in Group Policy quickly; it is called Security Compliance Manager. It contains a list of security best practices and maps them to Group Policy Objects, and it also explains why we need each policy and why it is important. So, instead of looking into a guideline and figuring out which policy must be set and where it is located in Group Policy, you see all the required policies and why they are needed, and you can compare your current setting with the one recommended by Microsoft and the one recommended by industry.
In addition, you can simply sit down with your managers and other IT professionals and discuss what changes you want to make to these policies, and once you are done, you can import the result into your current IT environment and use it. You can also customize your own settings and share them with other branches. Security Compliance Manager is a simple tool which does great things. Make sure you use it; the good news is that it is free of charge and you may download it from here.

The above link is the latest version, and new versions are released regularly; make sure you check the Microsoft website for the latest version.

 

Don’t Be Scared of WannaCrypt

Recently, a type of ransomware known as WannaCrypt, which can spread over a network like a worm, affected millions of computers worldwide. Ransomware is a type of malware that encrypts files on a system and asks the user to pay for the key to decrypt them, and making the payment doesn’t necessarily grant you the key. Therefore, it is best not to make any payment and instead invest more time in protecting yourself. Normally, ransomware comes in a file or with a virus, where the user has to click on the file or run the infected program for the ransomware to run, and it infects only the affected PC and no other PCs on the network. However, WannaCrypt is different: it infects the PC and tries to spread over the network like a worm and infect other PCs on the network. In this way, it could encrypt all the PCs in a company or organization, and this is why it has become a great concern. To spread over the network, it uses a vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) server which was fixed in March. To put it simply, if you have already updated your Windows, it won’t be able to spread over the network, and in general you should install the update related to Microsoft Security Bulletin MS17-010. In other words, Microsoft had already protected you before this worm infected the world, but because many users and IT professionals still don’t take Windows Update seriously, it managed to affect the world. In addition, the majority of anti-malware vendors have already released updates to protect users against this ransomware. If you are using any of the Microsoft anti-malware products, such as Windows Defender, Microsoft Security Essentials, System Center Endpoint Protection, Windows Intune Endpoint Protection or Microsoft Forefront, you will be protected if you update your anti-malware; in Microsoft anti-malware signatures, it is known as Ransom:Win32/WannaCrypt.

In conclusion, to protect yourself against WannaCrypt and other ransomware, you need to update your Windows and your anti-malware product, and in general you should connect to the internet and check for updates. Microsoft has also released Customer Guidance for WannaCrypt attacks. If you are worried about WannaCrypt, you need to do three things: Update (Windows), Update (Anti-Malware), Update (Other Programs).

 

Goodbye Windows Vista!

Support for Windows Vista ended on April 11, 2017. This means you won’t get any updates or support for Windows Vista, and if there is a new vulnerability or security weakness in Windows Vista, you won’t get a fix for it; in other words, security researchers and the Microsoft security team won’t spend much time on research into securing Windows Vista. Windows Vista succeeded Windows XP; in those days, Windows XP was blamed for security weaknesses and a high number of malware infections. Windows Vista opened a new door for security: the new operating system introduced new and powerful security concepts out of the box, such as a two-way firewall (the Windows XP firewall was one-way) with advanced and user-friendly settings. BitLocker was introduced at the time of Windows Vista, and it helped IT professionals and users encrypt their entire hard drive easily. User Account Control (UAC) was also introduced in Windows Vista; it requests permission whenever the user tries to perform administrative tasks. In general, there were several improvements in the area of security in Windows Vista. Some users blame Windows Vista because the new security features weren’t very friendly for them. In Windows 7, security was enhanced and became friendlier, and for this reason many people upgraded to Windows 7. In Windows 8, security was enhanced and anti-malware software was built into the operating system; this improvement continues in Windows 10, and Windows keeps improving with each version, build and release.

If you are using Windows Vista, it is better to upgrade to a supported version of Windows; take a look at Windows Vista end of support. It is recommended to upgrade to Windows 10, which is the latest version of Windows and has several new security features. When you upgrade from Windows Vista to Windows 10, you need to reinstall your applications, and in some cases you might need a hardware upgrade. However, you must upgrade to a supported version of Windows; otherwise, it is just a matter of time before a new vulnerability is discovered publicly and causes damage to your system. If you are using Windows Vista, make a wise choice and upgrade today.

 

Mark as Junk to Fight against Cybercriminals

If you see any suspicious email, you should mark it as spam, junk or phishing instead of deleting it. I have seen many users who just delete suspicious files, and unfortunately there are people in the security field who ask users to delete unknown and suspicious emails. The question is: when should we delete an email and when should we mark it as spam? We delete emails when we know they are trustworthy and we could ask the sender to stop sending such email or unsubscribe from it; we delete them to free up our mailbox. But if an email came from an unknown source and we can’t trust it, or it shows any suspicious behavior, we shouldn’t just delete it; instead we should mark it as spam. This helps our email spam-filtering system fight against spammers and cybercriminals. It also helps legal authorities have better evidence when fighting against spammers: they can say that thousands of our users requested us to block this person, we asked them to stop spamming and they refused, so we are bringing them to court. Sometimes an email might come from a trusted friend and seem suspicious. In this case, you should call your friend and ask them to go through basic security steps, like checking for malware, changing passwords and checking with their email provider to see whether there is any suspicious behavior on their email account. If you are using a Microsoft Account, there is a good description of the things you could do here. It is better to contact them by phone or another means of communication than by email, because we are not sure whether your friend’s email has been hacked or not. One interesting feature of Microsoft Outlook.com email is that you can mark that your friend’s email has been hacked, and this would help your friend. It is in the drop-down list near Junk in Outlook.com, where you mark email as Junk or Spam.

We, as security professionals, should teach our users to mark suspicious emails as Junk or Spam instead of deleting them. That way we will know which emails are trying to harm users and which ones are just taking up some extra space. Junk or spam is a matter of cybercrime, and in some cases these emails carry dangerous attachments which might contain new malware; reporting them as junk or spam helps us identify new threats and even unknown or 0-day vulnerabilities. To make this clear to users, I ask them to think of their home: sometimes you need to clean and remove dust, and you find pieces of paper, like old receipts, which you don’t need any longer but which won’t harm you, so you just throw them out to make your home cleaner. But imagine that someone sends you something dangerous. Let’s say it is a package which might contain a bomb, or a letter convincing you to leave your home at a specific hour (so that maybe someone could come into your home during those hours and commit robbery); you won’t just throw it out. You will place it outside your home and call the police or other legal authorities. Marking an email as junk versus just deleting it is like this. So you should be careful about whether you delete an email or mark it as junk.

 

Machine Learning Damaging Our Privacy

To build any model based on Machine Learning and Artificial Intelligence, it is necessary to collect a lot of data, and to get an accurate model we need accurate data. For this reason, companies are forced to collect a lot of data from users; they send it to their big model for processing and then hand it over to machine learning and AI experts to create a model for prediction. The main problem is that to satisfy the model we need a lot of data, and this data is stored somewhere. We might say that it is processed automatically and no human has access to it, but when researchers want to verify something, they might be forced to read that personal information, and authorities are forced to take a look at suspicious content, so this collection puts our privacy at risk. Because models rely on AI and Machine Learning, normally they won’t delete data. For these reasons, I call Machine Learning and AI one of the biggest enemies of privacy. It forces researchers to collect a lot of data, but there is not sufficient information about protecting that data. Many people argue that we are doing this to protect users; for example, for spam filtering we need to collect a big set of emails (but we won’t read them) and mark which emails are spam and which are not, we leave the classification to users, and we only care about the text, the word counts and the structure of the text. Those who are experts in security will know that we could easily bypass any email spam filter with our tricks, which I don’t want to explain here, because people might abuse them. Anti-spam can block known spam and spam created by semi-professional security guys, but it is helpless against experts. We are collecting a lot of data, spending so much money on servers to collect and process this data, and spending so much money on universities and researchers to play around with complex math formulas, just to come up with a system which is helpless in front of experts.
Some people argue that we have other methods and other means of protection, and that not everything is based on AI and Machine Learning, which is true. But what we would like to ask is: why are we spending so much on this? We might deal with the problem of spam through criminal intelligence analysis, a policy data center and a monitoring and response team. These methods are a lot cheaper and more efficient. Of course we need to spend some money to enhance them, but once we reach the right place, we could use them to combat cybercrime. When we discuss this with those who call themselves security experts in universities, they always say, sorry, we only care about Machine Learning (because they only care about publications and not about national or international security in cyberspace). When we talk with experts in criminology, they say it is an interesting topic, but we only care about law and legal issues. So we are collecting so much data and spending so much money on unreliable systems.

There is no need to collect so much information, and even if there is a need to collect it, there is no need to keep that information forever. These privacy problems arose because everyone forces themselves into Machine Learning and AI. If they thought about something else, or let others investigate in these areas, we could protect the privacy of our users and enhance their security. As has already been mentioned, policy management is the recommended solution; there is no need to collect so much data, and even if we do, we could delete it later or let users control their data instead of collecting it. For these reasons, I am asking cybersecurity experts to move away from Machine Learning and AI (I don’t say everyone should leave it, but we need people to think in a different direction). Universities should open their doors to young people who love cybersecurity but prefer methods without mathematics and AI. Professors don’t understand these methods and they force everyone to follow the AI direction, and this puts our privacy at risk. We need to open new doors to develop expertise in policy management, rather than unreliable math formulas and forcing people to use AI.