Best wireless router

Archived from groups: alt.internet.wireless (More info?)

Perhaps it's paranoia, but I'm concerned about the security offered by my
802.11b Network Everywhere wireless router and would like to upgrade to
something more secure.

Although nothing is foolproof, is there a router that would offer a very
high level of security and not allow other wireless devices onto my network?

In my current setup, I have the following.

1. SSID is set to not broadcast.
2. WEP password enabled.
3. Restrict the number of DHCP ip addresses to 5 (one for each device on
the network).
4. MAC filtering never worked with this router otherwise that would be
enabled as well.

Thank you

Anna

Archived from groups: alt.internet.wireless (More info?)

You're already ahead of the game. What you've provided to us is good
level of security for your network. I'll just add the following:
1. Not broadcasting the SSID is simply a minor hurdle. There's no
real advantage to it, but every hurdle counts.
2. If your wireless router has WPA encryption available, enable it.
It is more secure than basic WEP. If you only have WEP, change the
WEP keys once a week or so.
3. I prefer not to use DHCP. Using DHCP allows war drivers to see
your IP address. Therefore, I manually configure my NICs and notebook
cards. Also, don't use the router's default settings. For instance,
if you have a D-Link wireless router, the SSID might appear as DLINK.
Change the default IP address from 192.168.0.1 or whatever it is to
something totally different. For instance, 10.78.1.100. Beware that
some routers wil only allow you to change the last six digits of an IP
address.
4. MAC filtering is a good security measure, however, MAC addresses
can be spoofed. Still, every hurdle counts.
5. Change the default password of your router.
6. Use TCP/IP for internet use only. Use NETBEUI for file and print
sharing.

Take care.

On Sun, 17 Oct 2004 09:03:08 GMT, "Anna" <no@spam.com> wrote:

Perhaps it's paranoia, but I'm concerned about the security offered by
my
802.11b Network Everywhere wireless router and would like to upgrade
to
something more secure.

Although nothing is foolproof, is there a router that would offer a
very
high level of security and not allow other wireless devices onto my
network?

In my current setup, I have the following.

1. SSID is set to not broadcast.
2. WEP password enabled.
3. Restrict the number of DHCP ip addresses to 5 (one for each device
on
the network).
4. MAC filtering never worked with this router otherwise that would
be
enabled as well.

Thank you

Anna

Archived from groups: alt.internet.wireless (More info?)

On Sun, 17 Oct 2004 14:53:30 GMT, in alt.internet.wireless , Doug Jamal
<bishiv6ERASETHISPORTION@yahoo.com> wrote:
>3. I prefer not to use DHCP. Using DHCP allows war drivers to see
>your IP address. Therefore, I manually configure my NICs and notebook
>cards.

Eh? If you're using TCP/IP, then your IP is visible to wardrivers. Using or
not using DHCP isn't going to change that.

>Also, don't use the router's default settings. For instance,
>if you have a D-Link wireless router, the SSID might appear as DLINK.
>Change the default IP address from 192.168.0.1 or whatever it is to
>something totally different. For instance, 10.78.1.100. Beware that
>some routers wil only allow you to change the last six digits of an IP
>address.

Agree with all this, tho.

--
Mark McIntyre
CLC FAQ <http://www.eskimo.com/~scs/C-faq/top.html>
CLC readme: <http://www.ungerhu.com/jxh/clc.welcome.txt>


----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---

Archived from groups: alt.internet.wireless (More info?)

I stand corrected. Thanks.


On Mon, 18 Oct 2004 00:08:23 +0100, Mark McIntyre
<markmcintyre@spamcop.net> wrote:

On Sun, 17 Oct 2004 14:53:30 GMT, in alt.internet.wireless , Doug
Jamal
<bishiv6ERASETHISPORTION@yahoo.com> wrote:
>3. I prefer not to use DHCP. Using DHCP allows war drivers to see
>your IP address. Therefore, I manually configure my NICs and notebook
>cards.

Eh? If you're using TCP/IP, then your IP is visible to wardrivers.
Using or
not using DHCP isn't going to change that.

Archived from groups: alt.internet.wireless (More info?)

On Sun, 17 Oct 2004 23:33:24 -0400, "Hackworth"
<NoSpam4Me@spamless.net> wrote:

>
>"Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> wrote in message
>news:es85n0hnu77a0a6r5k0i75i59brpbcf4t2@4ax.com...
>> On Sun, 17 Oct 2004 14:53:30 GMT, Doug Jamal
>> <bishiv6ERASETHISPORTION@yahoo.com> wrote:
><snip>
>> 2b. Select "Open System" instead of "Shared Key" for authentication.
>> Shared Key sends the WEP key for authentication and is actually less
>> secure than no authentication.
><snip>

>Hmmmm... this is news to me, Jeff. I'm no wireless expert by any stretch of
>hte imagination, but Linksys' own built-in WRT54G router help for WEP says:
>"Shared Key authentication is more secure [than Open], but all devices on
>your network must also support Shared Key authentication."
>I have shared key enabled on my wireless AP and on each client as Linksys
>recommends, but I'm no expert and would like to know more. Can you go into
>slightly more detail as to why Shared is not as secure as Open?

That was probably written by Linksys before the "shared key"
authentication exploit was discovered. If it worked as originally
designed, that would be correct. As usual, the problem is the key
exchange mechanism.

The topic was covered this week in alt.internet.wireless:
http://www.google.com/groups?selm= [...] com&output
http://www.google.com/groups?selm= [...] -berlin.de

Some notes on the topic.
http://user.it.uu.se/~carle/Notes/ [...] urity.html
Note the absurdity of Orinoco using the SSID as the shared key, or of
most vendors using the WEP key as the shared key.
http://openthought.org/blosxom.cgi [...] s/Security
see Feb 10, 2004 article.

Some heavy reading on 802.11 security:
http://www.drizzle.com/~aboba/IEEE/


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Archived from groups: alt.internet.wireless (More info?)

Thanks everyone! There's some good tips in here I will look at.

"Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> wrote in message
news:79h6n0d847t6eu66louhcafp7q5mmageou@4ax.com...
> On Mon, 18 Oct 2004 02:25:48 GMT, Doug Jamal
> <bishiv6ERASETHISPORTION@yahoo.com> wrote:
>
>>>Eh? If you're using TCP/IP, then your IP is visible to wardrivers.
>>>Using or
>>>not using DHCP isn't going to change that.
>
>>I stand corrected. Thanks.
>
> Eh? Methinks you were right the first time.
> Let's play encapsulation:
> 1. Wireless uses bridging, not routeing. Bridges don't know anything
> about IP addresses and TCP/IP functions.
> 2. 802.11 encapsulates 802.3 ethernet packets.
> 3. Encryption encapsulated the 802.3 headers and payload.
> 4. The only thing visible (i.e. not encrypted) are MAC addresses. All
> the TCP/IP addresses are in the 802.3 ethernet headers (which are
> encrypted).
> 5. NetStumbler shows MAC addresses, not IP addresses. If it could see
> IP addresses, it would probably have shown them.
>
> That being said, methinks obscuring the IP address is a waste of time.
> Many routers support RARP (reverse address resoltion protocol) which
> allows one to query a device by MAC address and return the
> corresponding IP address. I have a few other tricky ways to extract
> the IP address block from some packets. For example, if someone left
> RIP2 (router information protocol) broacast enabled (the default on
> many routers), it would broadcast the router table, complete with IP
> addresses and routes to connected networks, in the clear.
>
> I don't think that obscuring the IP addresses is much of a security
> measure. However, it does slow down the casual hacker. I use
> non-default Class C IP blocks for a very different reason. If you're
> building a VPN tunnel between two routers, you cannot use the same
> Class C IP block on both ends. (Actually it does work with a few
> routers, but it's not kosher). So, every one of my customers ends up
> with a different Class C IP block, or I can't play VPN tunnel to them.
>
> Also, please stay within RFC-1918 guidelines for private LAN IP
> addressing.
> 192.168.0.1 -> 192.168.255.254
> 10.0.0.1 -> 10.255.255.254
> 172.16.0.1 -> 172.31.255.254
>
>
> --
> Jeff Liebermann jeffl@comix.santa-cruz.ca.us
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 AE6KS 831-336-2558

Archived from groups: alt.internet.wireless (More info?)

Why not just disable DHCP altogether? If you only have a few
workstations to configure, just configure 'em manually.

- Steve

On Fri, 22 Oct 2004 10:28:26 +0100, Simon Pleasants
<plesbit@hotmail.com> wrote:

>On Sun, 17 Oct 2004 14:53:30 GMT, Doug Jamal
><bishiv6ERASETHISPORTION@yahoo.com> wrote:
>
>>3. I prefer not to use DHCP. Using DHCP allows war drivers to see
>>your IP address. Therefore, I manually configure my NICs and notebook
>>cards.
>
>Notwithstanding the whole debate already posted which follows this
>post, I run my system in a similar way to the OP. She has reduced her
>DCHP pool to match the number of devices she attaches. To me that's
>good thinking, but then I would say that because I've done it myself.
>In my case that's four IP addresses. But I've gone one stage further
>as each of those four is reserved for allocation to a particular MAC
>address. Therefore if someone does manage to crack the encryption the
>router still will not issue an IP address. Surely this particular
>"hurdle" would be lost completely by using static IP on each of the
>WLAN computers?
>
>Additionally, the software firewall on the server is configured to
>accept connection from only those four addresses and reject everything
>else so if someone did manage to connect outside of this range they'd
>be denied access to anything except the internet.
>
>As an aside, there are only four shares, all of which are accessible
>by only two usernames and one of those has read only access to three
>of them. Directories that contain sensitive files, such as they are,
>are restricted to only my username, encrypted and password protected
>by the software to which they belong, not that there's anything on my
>system to make it even worth cracking the WEP let alone trying to hack
>through ZoneAlarm, then hack the username and password needed to get
>access to the shares and then hack the passwords on individual
>spreadsheets! Besides, with four other wireless networks "visible"
>from my house, three of which have no encryption enabled, I like to
>think they'd be targetted first!

Archived from groups: alt.internet.wireless (More info?)

Simon Pleasants <plesbit@hotmail.com> wrote:

> Notwithstanding the whole debate already posted which follows this
> post, I run my system in a similar way to the OP. She has reduced her
> DCHP pool to match the number of devices she attaches. To me that's
> good thinking, but then I would say that because I've done it myself.
> In my case that's four IP addresses. But I've gone one stage further
> as each of those four is reserved for allocation to a particular MAC
> address. Therefore if someone does manage to crack the encryption the
> router still will not issue an IP address. Surely this particular
> "hurdle" would be lost completely by using static IP on each of the
> WLAN computers?
>
> Additionally, the software firewall on the server is configured to
> accept connection from only those four addresses and reject everything
> else so if someone did manage to connect outside of this range they'd
> be denied access to anything except the internet.

On most wireless routers, restricting the DHCP pool has no effect on the
total number of wireless clients that can connect. A machine with a
manually assigned IP within the router's subnet, as determined by its
subnet mask, will still be able to use the network. And the DHCP pool
will only be filled when all four machines are powered and connected.
Turn one off, and its address could be assigned to an interloper. You
could add MAC addresses to the routing table entries, but MAC addresses
can be spoofed.

The real problem is that, once your wireless network's encryption has
been cracked, all the traffic that flows across it can be monitored.
Addresses, IP or MAC, won't matter. I don't think all that fussing with
addresses gets you much extra security. Anybody able to crack WEP will
find those addressing hurdles trivial.

Archived from groups: alt.internet.wireless (More info?)

On Mon, 25 Oct 2004 10:38:23 +0100, Simon Pleasants
<plesbit@hotmail.com> wrote:

>Maybe so but it all adds to the time delay. First crack the
>encryption, then sniff the MAC and IP addresses of the authorised
>machines. It all involves sitting there capturing packets, during
>which time you'd have to be parked on my front lawn since that's the
>only place outside the house the signal can be received.

True. Actually, the problem of sniffing is more difficult than that.
In order to do a meaningful data capture, it is necessary to sniff and
capture both ends of a wireless session. One can usually hear the
access point, but the client radios are usually quite weak on the
outside of a building. Even if one were handed the WEP key, sniffing
for credit card numbers and passwords requires that the client radio
be sniffed, not the access point.

This became apparent when I as asked to do a "security audit" which is
a politicially correct term for what I consider to be fun. I'll try
to list some of the problems encountered without turning this into a
hacking tutorial.

One of my customers has a wireless bridge between two buildings. I
tried to sniff the traffic and found that there was almost no signal
at ground level due to highly directional dish antennas. I could find
a location where I could hear ONE end of the link, but I never could
find a place where I could hear both. Therefore, I had to use two
sniffers to capture data.

Another customer wanted to know if I could actually perform an actual
breakin of their wireless bridge without their knowledge. I climbed
the where the wirless router was located, installed a 10baseT hub, ran
CAT5 down to my truck in the parking lot, and sniffed away the
unencrypted traffic. Conduit and a secure box were installed within a
week.

The home version of the same attack is similar. I crawl under the
house, find the CAT5 cable, strip back the insulation, install a Telco
110 block, build a tap, and I'm on. If it looks like it's going to be
a semi-permanent tap, I cut the cable, install two RJ-45 connectors,
insert a hub (not a switch), and bring the cable tap out to some place
convenient (usually the Telco MPOE which always a mess of wires).

I was waiting for a meeting on security and decided that I wanted to
get an early start on cracking the WEP key. So, I went to the nearest
unoccupied workstation, which was conveniently left logged in, and
used regedit to extract a human readable copy of part of the registry
tree. A quick search found where the WEP key was stored. When the
meeting finally started, I was asked how long it would take me to
crack their wireless LAN encryption and supply the WEP key. I
announced that I had alread done so while waiting for the meeting.
When the shouting stopped, I also announced that I had collected a few
login and password pairs, which were scribbled on post-it notes found
under keyboards and written on deskpads.

At another conference, I used my PalmOS based cell phone (QCP-6035) to
beam around my "business card" to various participants. I knew from
past experience that they would leave their Palm Pilots on the table.
I managed to empty the contents of one Palm Pilot, where all the major
passwords were conveniently stored in the Notepad. I present them to
the horrified owner. The WEP key was among them.

>By the time
>you've done that, assuming I've not clamped your car and called my
>neighbour (a police detective), I've changed the key and you start
>over again.

Nobody changes their WEP keys regularly. I've written scripts,
running from cron (Scheduled Tasks) to change WEP keys at regular
intervals. Unfortunately, I'm the worlds worst programmer, so they
ocassionally fail, resulting in a communications loss. After one or
two failures, I'm told to dump the automation and the IT department
will assign someone to take care of it manually. That usually lasts
about a month.

However, that's only between wireless bridges, where one could have
access 24/7. Client computers aren't like that and changeing WEP keys
on laptops and PDA's is an ordeal. One company passed out a memo with
the 52 WEP keys for the next year. There was literally a user revolt
claiming that users were required to do too much work that was clearly
the IT departments responsibility.

>Much easier to go after one of the other permanently
>available networks in my street - which has no encryption.

Yeah, but if it were easy, it would be no fun.

>Incidently, since you appear to know more about security than I do,
>assuming someone has been able to crack the WEP key, spoof the MAC
>address, bypass the IP address limitations etc and log into my
>network, they still need to provide a username and password to access
>my server.

Assuming you're not running a VPN, that's usually sufficient to do
some sniffing of traffic. It is possible and somewhat difficult to
crack the Windoze shares passwords, but with difficulty. NETBIOS
security is actually quite sufficient to keep hackers like me out of
systems, but few users want to tolerate the inconvenience. Those that
do invariably use the same password for everything, and are therefore
easily hacked by "social engineering". Light reading:
http://cable-dsl.home.att.net/netbios.htm

>Access permissions on all shares are heavily restricted
>with only one account (mine) having full access - and even then some
>files are password access only.

My critical files a encrypted on the assumption that someone will
steal the computah (or my backups) and end up with everything anyway.
Without the encryption keys, they can't view or use the files.

>Can all this information be captured, simply by sniffing IP packets?

Yes, given sufficient time, tools, and effort.

>What about if I am using my credit card to buy stuff off the internet?
>I'd be interested to know....

All credit card transactions are done through a SSL encrypted session.
This type of encrytion is not totally foolproof, but is deemed "good
enough" for most purposes.

However, you're looking at this all wrong. Nobody wants "accesss" to
your computah unless they want to steal documents. Such exercises to
obtain one credit card number or password is not generally worth the
effort. What the average hacker wants is control of your machine.
The pre-teen brats and Russian extortionists want to use it for DDOS
attacks. The FBI wants to monitor your email and browsing habits.
Sniffing for information is a waste of time unless one is doing
industrial espionage. Taking over your computer for DDOS attacks,
porno storeage, installing keystroke loggers to capture credit card
numbers, and installing spyware, are far more productive than
sniffing. If you connect to a corporate LAN via a VPN tunnel, taking
control of your machine would give me unrestricted access to the
corporate LAN.



--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Archived from groups: alt.internet.wireless (More info?)

Simon Pleasants <plesbit@hotmail.com> wrote:

> Maybe so but it all adds to the time delay. First crack the
> encryption, then sniff the MAC and IP addresses of the authorised
> machines. It all involves sitting there capturing packets, during
> which time you'd have to be parked on my front lawn since that's the
> only place outside the house the signal can be received. By the time
> you've done that, assuming I've not clamped your car and called my
> neighbour (a police detective), I've changed the key and you start
> over again. Much easier to go after one of the other permanently
> available networks in my street - which has no encryption.

Yes, an attacker would probably go after the unencrypted networks first;
but he wouldn't be stopped by MAC filtering or IP addressing after he'd
cracked an encrypted, because cracking encryption is what takes the
time, usually hours. (See
<http://www.oreillynet.com/pub/a/wireless/excerpt/wirlsshacks_chap1/>
for an account of cracking a WEP network.) Spoofing MAC and IP addresses
takes only minutes. The thief who breaks into a bank vault also comes
prepared to drill out the locks on the deposit boxes.


> Incidently, since you appear to know more about security than I do,
> assuming someone has been able to crack the WEP key, spoof the MAC
> address, bypass the IP address limitations etc and log into my
> network, they still need to provide a username and password to access
> my server. Access permissions on all shares are heavily restricted
> with only one account (mine) having full access - and even then some
> files are password access only.
>
> Can all this information be captured, simply by sniffing IP packets?
> What about if I am using my credit card to buy stuff off the internet?
> I'd be interested to know....

I am far from an expert on security, but . . .

Everything flowing across a wireless network can be captured. In fact,
it has to be captured first before its encryption can be cracked. (Note
that the author of the O'Reilly article dumped the raw traffic into a
file and then let AirSnort go to work on the file.) Once the wireless
network's encryption has been cracked, the security of anything passing
along that network depends on what protocols are being used to transmit
it. (The networking guys talk about this stuff as "layers".)

AFAIK most commonly used file sharing protocols (SMB, etc) don't send
user passwords in the clear, but also don't encrypt everything that
passes between client and server. Unless the files themselves have
already been encrypted, such as with PGP, the contents of the files
would be visible to an attacker.

The protocols used for web transactions do include fairly strong
encryption, so even if an attacker had cracked your wireless network and
was intercepting all the traffic between your web browser and a
retailer's web server, he couldn't get anything useful from it until he
cracked that additional layer of encryption (SSL or whatever).

How many security measures to employ is always a question of costs
versus benefits. I consider wireless encryption, non-trivial passwords,
and firewalls (at least one between your LAN and the Internet) to be the
basic essentials, well worth the trouble. After that, fussing with DHCP,
SSID, and MAC settings doesn't get you much in added security. These
days, the biggest computer security threat doesn't come from some guy on
the street with a laptop, but from all the spyware, worms, phishing, and
other malware that gets past all the network security measures because
applications more or less invite it in.

Archived from groups: alt.internet.wireless (More info?)

On Tue, 26 Oct 2004 10:59:26 +0100, Simon Pleasants
<plesbit@hotmail.com> wrote:

>I believe I have done all that is realistically necessary to discourage
>passers by from trying to tap into my network although if you have any
>ideas as to how I can improve it further then I will gladly listen.

Such fun it is...

As far as the wireless sniffing end of the security puzzle, you've
done all the right things. As far as physical access to your network
wiring, I'm not so sure. As I previously noted, access via wireless
is not the best way to obtain information. I prefer wiretap, hardware
keyloggers, RF screen captures, and the addition of an extra "rogue"
access point to the network. I've also used security cameras to
record keystrokes on video tape. I was doing some experiments in
tapping a DSL line at the MPOE (phone line). It's not impossible, but
I wasn't having much luck. Tapping cable modems would be difficult
because the DOCSIS BPI and BPI+ (baseline privacy) 40/56bit
encryption.

In the few genuine theft of proprietary information cases that I know
about the details, the greatest damage was done by theft of the backup
tapes or cd's, usually by employees or former employees. I consider
it appalling that few backup utilities encrypt their data[1]. Some
are password protected, but the data is still easily accessible. I
could steal your backups, reconstruct a clone of your system, and gain
access to your unencrypted files. Therefore, anything of value on my
machines is either encrypted, or on removeable media. I have a cdrom
"shredder" for destroying old backups. I bought a bunch of used once
DDS-3 DAT tapes on eBay, and ended up with a rather interesting
assortement of memos, spreadsheets, financials, and email from a now
defunct dotcom. I know of people doing computah forensics (extracting
evidence from computah media) that can recover an amazing amount of
data from an allegedly dead or formatted hard disk.

The real problem with wireless is the same as the real problem with
network security. Real security involves monitoring and inspecting
terminally boring log files. This is pure drudgery and is usually
avoided. Most san LAN administrators setup alarms and traps, but
those are not very effective if their nature and presence are known.
Most attackers are discovered "by accident" which is nice term for
nobody was paying attention. Methinks the next generation of business
and possibly home routers will include some form of intrusion
detection and logging. A few home wireless routers BEFW11s4 V4 can
send SNMP traps, which can go to some form of intrusion detection
system. I use Log Viewer:
http://www.logviewer.de.vu/
to format the output so I can see what's happening. Not exactly
automated but I can certainly detect any new users and odd traffic and
get a good clue what they're doing.


[1] There's a good reason why backups are not encrypted. Most backup
system compress their data using an error correction system that would
compromise the ability of the software to recover from defects. This
is fairly important as many utilities conglomerate everything into one
big compressed archive. Without ECC, a single error would render the
entire backup archive, rather than one individual file, unuseable.
With the high error rate of most tape and CD systems, error correction
is manditory.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Archived from groups: alt.internet.wireless (More info?)

kd:
>One thing not mentioned is IP filtering. In that test, it describes how
tcpdump was
>used to acquired a range of IP addresses from the AP's DHCP server. If
>the range was filtered out the test to connect would have failed,
>correct?
I have accidentally (manual setup, no DHCP) set two computers with same IP
number.
They both worked, and both displayed a little message box, but my
experienced computer users had no clue what it meant.
So any hacker could use an existing IP, specially if it wasn't in use at the
time.
Regards,
Martin

Archived from groups: alt.internet.wireless (More info?)

On Wed, 27 Oct 2004 08:19:33 +0100, Simon Pleasants
<plesbit@hotmail.com> wrote:

>It interesting that so
>many of your examples contain references to set ups where sys admin or
>equivalent staff have paid attention to "proper" security measures but
>which have been rendered useless by application of simple common sense
>and / or end user laziness / stupidity.

That's mostly because I'm devious, sneaky, unethical, and never follow
instructions. I also know exactly how things work and therefore how
to take advantage of such things. The typical IT staff may know the
operation, use, and implementation of various computer network
sub-systems, but usually lacks any experience with wireless, RF, phone
systems, surveillance cameras, building construction, locks, and
access control. If you know how these things work, you can make them
do things for you.

Another example. Security door to the server room has an electronic
lock with 10 push buttons. Watching the admins enter the room, I
determined that the code was 4 digits long. A quick inspection showed
dirt on only 4 of the buttons. I got the code on the fifth try (I was
lucky). How many IT departments bother to wash the door locks?

Different IT department, but similar security door. I noticed that
the door fit the frame rather loosely. So, on the way out, I shoved a
wad of paper into the striker box and made sure I was the last one out
of the server room so I could close the door. We went to lunch and
the conversation drifted to lock picking. I offered to pick the
server room door lock, wasted about a minute with a smoke and mirrors
act, and then opened the door. Nobody figured out how I had done it
so easily. The door was already open.

Another server room was well secured with a card lock entry system. I
was about to declare it secure until I noticed the suspended ceiling.
I just climbed up onto a file cabinet, removed a ceiling tile, and
climbed down the other side of the wall. I made a mess of my suit,
but the look on the IT managers face was worth it. Later, I picked
the cheezy wafer lock on the card lock box, popped open the cover, and
had access to the electric door latch wires. If I had remembered to
bring a 12V battery and clip leads, I could have opened the door.

One small company asked me if I could steal the information on a
fairly accessible computah without detection. I didn't have time to
do the actual exercise, so I just explained how I would have done it.
I would clone the disk drive using Norton Ghost or Drive Image to
another hard disk and extract the data at my liesure. If a weekend, I
would just borrow the hard disk and return it later. They secured the
comptah shortly thereafter. With USB2 and IEEE-1394B, I don't even
need to open the machine to burn a DVD image. However, the new
workstations without a bootable floppy drive will slow me down a bit.

To be fair, I know of several ISP's with more than adequate security,
where my dumb tricks would be useless. However, most corporate
networks aren't even close to secure, and most homes really easy. In
general, I suggest one concentrate on physical access security, and
then worry about the high tech stuff. Most of my tricks rely on
physical access.

I'm not a security expert and have a limited bag of tricks. Imagine
what a real security expert can do.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Archived from groups: alt.internet.wireless (More info?)

Simon Pleasants <plesbit@hotmail.com> wrote:

> Which underlines my point about locking up the network itself but
> leaving huge opportunities for people to get around the security. In
> the past I have had to have a go at accounts staff for leaving all the
> access details to our electronic banking system, including BACS and DD
> details, stuck on the computer which controls them.
>
> (After they were removed the accounts manager managed to get them
> wrong three times and the bank locked them out of the system until a
> new package could be sent out and a telephone support routine had to
> be undergone in order to re-activate the system)

Inconvenience is the cost of security. That applies to information
systems as much as to air travel. But some iconveniences don't buy you
much additional security. Hijcking has been reduced by ending the policy
of appeasing hijackers, not by making passengers take off their shoes.
Security is less the result of a technical fix than of a social mindset.