VIII. Remote

What is “Remote Access” ?

  • Using someone elses computers (hotel or even at a friend’s house)
  • Traveling with devices that can be stolen
  • Using someone elses Wireless networks (Coffee shop, hotel, airport)
  • Unauthorized use of your own Wireless network
  • PROBLEM: Remote users (travellers) are not educated on remote use CNN report on Remote Access

What does it mean to say a computer “isn’t secure”?  It means the computer (or network) doesn’t have the minimum configuration to make it hard enough for the criminal to go elsewhere.  The device can not  be trusted because one or more of the following exists:

  • The data stored on the computer is not protected from change, theft, deletion or can’t be kept confidential.
  • The software on the computer is not upgraded or patched to the currently known safest configuration
  • The device is not known to be free of malicious software that could copy or delete accounts, passwords, personal data or other sensitive information.
  • The computer or network (either wireless or wired) may allow data passing through to be copied, viewed, re-routed, altered or manipulated by unauthorized people.

In many cases, information being sent isn’t that important–it’s “just email” that doesn’t have any sensitive information in it.  The conflict arises when it becomes so convenient and comfortable to use that we forget it isn’t safe for sensitive information.  Crooks know human nature better than most, and they take advantage of the desire for convenience.   Criminals will deliberately go to a hotel computer kiosk and install keystroke loggers that send account information back to the criminal.  They will sit in public places (airports, coffee shops, libraries, hotels, etc)  with laptops configured to “sniff” or copy the data being transmitted over a wireless network on to their hard drive, then take it home to analyze.  Often they’ll wait several months and then use the compromised accounts and passwords when the victim has forgotten when they could have had their information stolen.

Wireless is more insecure because the transmissions are broadcast, like a radio, to anyone within broadcast range, not just the person using the wireless service.  That distance can be tens of feet in a city to miles in the desert.  When the wireless standards were written security wasn’t a concern.  As wireless has become more widespread additional standards have been written to try to correct what wasn’t done in the beginning.  Therefor there are multiple ways to configure wireless, some less secure than others.   The vast majority of wireless networks being used either at home or in businesses do not have the additional security and encryption configuration to keep casual snoopers out.  The earliest additional security configuration for wireless was Wireless Equivalency Protocol (WEP) which can be compromised in a few minutes.  Wi-Fi Protected Access (WPA) followed WEP but it can also be broken in minutes.  The latest Wireless configuration is WPA2, but it can also be broken although it may take a couple of hours.  Wireless computing is not to be as trusted as wired computing either at home or at work or when traveling.  If using wireless be hyper vigilant about what information is either on the portable device or what sensitive information could be compromised.

When away from home or work, physical security of the computer becomes much more important.  Tens of thousands of laptops are stolen from airports each year.  One of the largest data breaches in history occurred because a laptop containing PII of 26 million veterans was taken home and was stolen from home.

  • Use a VPN (virtual private network) which is an encrypted session between you and the work (or home) computer at the other end of the VPN.  A VPN prevents someone from reading what is sent within the encrypted session, but if malware is already present at either end, then the malware is sent (albeit encrypted) through the VPN to the computer at the other end!
  • On portable computers make sure that the hard drives are encrypted so that even if they are stolen or compromised, data cannot be read from them.
  • Never use a hotels’ common computers or a computer kiosk in a public place; virtually all of them have keystroke loggers on them.
  • If using personal equipment on someone elses wireless network, assume it is insecure
  • Don’t sent senstive information
  • Scan the computer when returning home.
  • Disable a laptop’s wireless network when not using it.
  • Disable smartphone wireless and bluetooth when not using it (also prolongs battery life)

Secure Home Wi-Fi! 

A home Wi-Fi is tied to an individual’s Internet Service Provider (ISP) account.  If a neighbor downloads child pornography, illegal music or videos through your Wi-Fi connection, your name is the one that the ISP will give the police.

  • Change the default router web configuration administrative password to something long (>14 characters, the longer the better) and set a long password for devices to connect to the Wireless Router network.
  • Record the passwords.  [Free AES 256 encryption digital password “safes” are KeePass (pc), Keeper (iPhone/Android-pay only if you use cloud storage)]  Wireless routers seem to need to be reset periodically or devices lose contact with them and you need to know the password to reconnect.
  • Select WPA2 encryption
  • For the SSID name use something general.  Do not use your house number,  last name, phone, family names, hobbies,  or anything that can point to whom the router belongs.  (Use animals, colors, insects, clothing, etc.)
  • In the configuration, uncheck “Broadcast SSID”.  That way your neighbors won’t see your network.  You will know the name and be able to type it in but they won’t. (There are pros and cons of doing this; if disabled your devices spend more time looking for your router signal).
  • Add the specific MAC addresses that are allowed to use the wireless router and deny all others.  MAC addresses can be found on smartphones etc and look like 01:ab:c3:44:5d;0f (use 0-9 numbers and letters a-f)
  • Unplug or shut off the Wi-Fi router when not using it.

For Enterprise-Class Wi-Fi (with Active Directory) implementing Wi-Fi,  here is a good summary

What’s the next thing on the block for Wi-Fi? 

  • SUPER WI-FI!    … Which can travel over much greater distances and uses the spectrum of unused television channels to broadcast.   http://www.geek.com/articles/chips/houston-grandmother-first-to-use-new-super-wi-fi-technology-20110424/
  • 4G — What is 4G?   4G stands for Fourth Generation of Cellular Communication.  There is not yet an industry standard on what 4G is and there is no true 4G service yet.  True 4G should have 10 times the speed of current 3G, enhanced security standards as well as an IP addressing system and reduced signal loss.   Areas with strong 4G coverage could use it for cableless home Internet access or Internet access on the move without needing a wireless hotspot.   Sprint and AT&T marketing departments call their WiMax or HSPA+ network, 4G.  T-Mobile & Verizon call their’s Long Term Evolution Advanced (LTE-A) .  All have what they say is 4G but they’re really just enhanced 3G, that is poised to use 4G when it is ready.     Securing 4G for businesses is another issue:   http://www.networkworld.com/news/2010/062110-securing-4g-smartphones.html and will have to include the following:
    • Securing data — it will be critical for all smartphones to have remote wipe to delete all data on lost devices (right now only iPhone and Blackberry have this capability).
    • Encryption — smartphones will need to use strong SSL VPNs and encryption of data on  the devices
    • IT departments will need to define what applications are allowed on company phones
    • Smart access based on a combination of identity, endpoint characteristics and behavior, multifactor strong identification, strong SSL VPN capability with customizable access based on the device.
    • Anti-malware for smartphones that doesn’t eat up the battery.  Androids present the biggest problem since Google doesn’t monitor the application writing standards like Apple and Blackberry do.

-Rugged is  understanding the different threats involved away from work or home, when using a portable computer (laptop, smartphone, tablet) or someone else’s computer.

34 Responses to VIII. Remote

  1. govworker says:

    Almost all public computers/kiosks have keystroke loggers? Shouldn’t the owners of the systems have the responsibility to scan and keep them secure?

    • Lydia says:

      That would be nice, but they don’t! If challenged in court, they (the entity providing the internet access) would force the complaintant to prove that the victims account, computer, etc was compromised by THEIR network. That’s virtually impossible to do a month, later when the victim discovers they’ve been had. Unfortunately, the only protection against public networks is user education. That’s why you are reading this, right? 🙂

  2. GTM says:

    You best have security/encryption enabled on your home network. The Firewall service on the home network provider’s router is a “joke” I’m told….

  3. Mr. D says:

    Anyone with a wireless router should take heed and secure it immediately.

  4. DB says:

    This is good information for everyone… not just people in the IT world.

  5. michael says:

    good information especially on wireless

  6. Jean says:

    Good information on wireless homes.

  7. Jose H says:

    Where is there a good place to get information on “Disable a laptop’s wireless network when not using it”?

    • Lydia says:

      There are several ways. Some laptops have a button to turn wireless on/off. On your smartphone you have to go into settings and you can turn wireless off (it also saves battery power if you do). On Windows you can disable it in the Network menu. (Start-Control Panel-Network–the name may be slightly different depending on the version of Windows). Depending on the version of Windows you have it’s called different things: Windows 7 Manage Wireless Network, Vista, Windows XP. Try searching for “Windows disable wireless network” in a search engine for steps specific to the version you have.

  8. HM says:

    Good information about Wi Fi.

  9. The Eye says:

    A skeptic here–is anything really ever 100% protected. I am increasingly unsure…and it is scary.

    • CWJ says:

      You make a very good point, The Eye, nothing can ever be 100% protected unless you turn it off and lock it in a safe and make sure it isn’t connected to anything. The ideas presented above are to take some steps to make it more difficult for someone to gain access to your information because the media connected to your device isn’t a cable or wire that you control it is radio waves. Anyone with the right receiver can intercept and with no security, gain access to your information. Adding security to your wireless connection is similar to the idea behind a locking the door on your house; however, if someone really wants in they could go through a window. We do our best to secure technology to present the least temptation to the honest and to discourage the dishonest. I think where most of us make our mistakes is not updating our security as new vulnerabilities are discovered.

  10. Ein2card says:

    Good steps on securing the home WiFi, I find it amazing just how many unsecured wifi networks are still out there!

  11. JS says:

    Excellent information on home Wi-Fi

  12. Arctic says:

    The Secure Home Wi-Fi is really scary………if someone really wanted to destroy a reputation and found out that the home had this set up………NOT GOOD! My wife’s sister has such a system for her house and now my wife wants one! Looks like we’re about to have a conversation….

  13. Bob Brown says:

    This is important information and as we get to a 4G environment securing devices will be the next frontier

  14. Pam Perret says:

    Everyone should take the steps to harden thier home wi-fi connections!

  15. Longshot9 says:

    Turn off your Wi-Fi router when not in use? Mine’s in use when at least one person is awake in the house. I think the cat gets on after we go to bed. We keep getting FedEx packages full of rubber mice…

  16. OctalMan says:

    Enterprises view WiFi as Free Wiring. It is anything but that. It is orders of magnitude more difficult to support and maintain than a wired network. WPA2 is not The Fix we’ve all been waiting for. Wireless is still vulnerable to jamming, spoofing, and determined hackers. The industry still has not made Enterprise Wireless manageable – look at EAP-FAST setup, and how much it varies depending on wireless chipset vendor. Enterprise wireless should only be used in niche applications, and supported by well trained teams. Home wireless is even worse – poorly documented, with terminology invented by marketing departments. Coffee shops and hotspots use the home version. Do NO financial business or logons over free wireless, and NEVER set an app to automatically log on, even at home.

  17. Buster says:

    “Add the specific MAC addresses that are allowed to use the wireless router and deny all others. MAC addresses can be found on smartphones etc and look like 01:ab:c3:44:5d;0f (use 0-9 numbers and letters a-f) ”

    I’m not a fan of MAC address filtering since it can easily be hacked by a determined thief.

  18. br says:

    always think security when using remote devices

  19. Beelzebubba says:

    good case for using hardwired PCs when doing personal stuff…

  20. concerned says:

    We must always be on our guard. New technologies, although helpful and more efficient, brings with it new security challenges

  21. DJM says:

    Someone can gain access to an unprotected home wireless network and that home is where the police or FBI execute the search warrant.

  22. AID says:

    Explained well why and how Internet is not secured, VPN and Wi-Fi.

  23. Guest says:

    No hotel computers or Wireless for me!

  24. gfr says:

    great wireless router security tips!!

  25. Sharkman says:

    Remote access to networks is here to stay, and even though there will never be absolute security(life is full of risk), they’re going to have to figure out how to get as close as possible if they want people to use it.

  26. Bill Bray says:

    Most people don’t understand this topic. This article helps to explain it.

  27. Bill Gov says:

    Gov says:

    This is a good section and recommend home Wi-Fi user should read it. Many home Wi-Fi devices do not disable the SSID.

  28. Bill McDade says:

    I agree this is a good section. I recently set my wireless router on a timer so it shuts off whle we are not home.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s