Internet Security update 0639

Internet Security update 0639

Security has become even more important due to the spread of wireless
networking. As a result, we've seen several new wireless security
companies spring to life and subsequently grow by leaps and bounds.
These companies make specialized solutions that consist of proprietary
hardware and software that guard wireless networks against a wide range
of potential intrusions.

Even if you have one or more of these specialized tools in place, you
can improve your wireless security, particularly by adjusting the
operation of your Access Points (APs). For example, you can manage AP
transmission output power and shape the pattern and direction of signal
transmission.

Although I don't know of any APs that ship from the manufacturer with
built-in configuration settings that let you adjust transmission power
levels, they might exist. If so, you could turn down the transmission
power output level to reduce the distance that the signals will
propagate. This helps limit the vicinity in which potential intruders
can operate.

If your AP doesn't include such a feature, you could possibly install
third-party firmware for your AP that does provide such support.
Several third-party firmware solutions are available for hardware based
on Broadcom chipsets, such as Cisco Systems, Linksys, Buffalo
Technology, ASUS, Motorola, Siemens, U.S. Robotics, and NETGEAR APs.

Last week I downloaded a third-party firmware package, installed it to
an AP, and configured it according to my needs in under 30 minutes.
Like most AP firmware, the third-party solution has an intuitive
interface, so I didn't need to read any detailed documentation to make
it work right.

As a result of installing the third-party firmware, I was able to
configure that AP to reduce transmission output from 20 milliwatts (mW)
to about 3 mW, which is all that I need for that particular office
space. As a result, any would-be intruders would have to be physically
in the office before they could get a usable connection to that
wireless network. The end result is stronger security for only a few
dollars.

Using third-party firmware offers other benefits. For example, the
firmware I installed supports a custom desktop client that interacts
with the AP. Using that client, I can see all the AP's connections;
view all broadcasting clients on the wireless network, including those
not connected to that AP; measure bandwidth usage; and more.

Other benefits include the ability to run Secure Shell (SSH) server
directly on the AP for remote access and administration. Doing so means
that I don't have to expose a Web interface. I could also establish a
PPTP VPN server, Quality of Service (QoS) and bandwidth management
parameters, and virtual LANs; quickly block peer-to-peer (P2P) clients;
configure IPv6; use a remote syslog server; force the use of Wi-Fi
Protected Access (WPA) and WPA2 authentication; and even configure a
way for guests to easily use the wireless network to surf the Internet
when visiting the office. Third-party firmware also offers many other
features that I don't have room to discuss here.

The bottom line is that third-party firmware is easy to install and
use, doesn't require any specialized skills or knowledge for everyday
use, is incredibly cheap to obtain and administer, and strengthens your
overall wireless security. If you do have advanced skills, you can
easily add on to third-party firmware solutions to extend the
capabilities even further. For example, you could add a mini-Web
server, a controlled access public hotspot interface, Voice over IP
(VoIP) capabilities, Remote Authentication Dial-In User Service
(RADIUS) authentication, and more.

If you're interested in more information about third-party AP firmware,
please send me a quick email message (even an anonymous message is all
right) to express your interest. Use "AP Firmware" as the subject of
your email so that I can quickly locate your message in my inbox. If
there's enough interest, I could write about how to decide which
firmware might be best for your needs, where to find it, how to quickly
and easily get it working for better security in your environment, and
how to extend its functionality even further.

Security News and Features

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities.

Update Rollup 1 for Windows 2000 SP4 Re-released
Microsoft didn't release any security bulletins this month as part
of its regular release schedule. Microsoft had previously indicated
that it would release one security bulletin, but the company discovered
problems in the patch and decided not to release it until it meets
quality control standards. However, the company did re-release Update
Rollup 1 for Windows 2000 Service Pack 4 (SP4) to address numerous
problems.

Critical Bug in Firefox, Mozilla, and Netscape Browsers
Last week, Tom Ferris reported a buffer overflow vulnerability in
Mozilla Firefox Web browsers. The vulnerability exists due to faulty
processing of URLs and could lead to the execution of remote code.
Netscape and other Mozilla browsers are also affected by the problem
because they share the same code base as Firefox.

Take a Closer Look at EFS
Contrary to popular opinion, Microsoft's Encryption File System
(EFS) is a reliable, easy-to-use, and secure encryption solution, and
it can trump even the network administrator's rights. EFS is great for
protecting confidential files on the network and on often-stolen laptop
computers. In this article, Roger Grimes discusses the basics of EFS,
talks about its purpose and functionality, and discusses basic
administrative tasks and pitfalls.

Resources

Cut Your Windows XP Migration Time by 60% or More!
If your organization is consideringor has already begun migrating
your operating system to Windows XP, then this Web seminar is for you.
Sign up for this free event and you'll learn how to efficiently migrate
your applications into the Windows Installer (MSI) format, to prepare
them for error-free deployment, what steps you need to follow to
package your applications quickly and correctly, and more!

Discover SQL Server 2005 for the Enterprise. Are you prepared?
In this free half-day event, you'll learn how the top new features
of SQL Server 2005 will help you create and manage large-scale,
mission-critical enterprise database applicationsmaking your job
easier. Find out how to leverage SQL Server 2005's new capabilities to
best support your business initiatives.

Get Ready for the SQL Server 2005 Roadshow in Europe
Back By Popular DemandGet the facts about migrating to SQL Server 2005!
SQL Server experts will present real-world information about
administration, development, and business intelligence to help you
implement a best-practices migration to SQL Server 2005 and improve
your database-computing environment. Receive a one-year membership to
PASS and a one-year subscription to SQL Server Magazine.

Are You Walking the Tightrope Between Recovery and Continuity?
There's a big difference between the ability to quickly recover lost
or damaged data and the ability to keep your messaging operations
running normally before, during, and after an outage. In this free Web
seminar, you'll learn what the technical differences are between
recovery and continuity, when each is important, and what you can do to
make sure that you're hitting the right balance between them.

High Risk Internet Access: Are You in Control?
Defending against Internet criminals, spyware and phishing and
addressing the points of risk that Internet-enabled applications expose
your organization to can seem like an epic battle with Medusa. So how
do you take control of these valuable resources? This free Web seminar
will give you the tools you need to help you analyze the impact
Internet-based threats have on your organization and tools to aid you
in the construction of acceptable use policies (AUPs).

Release

Consolidate Your SQL Server Infrastructure
Shared data clustering is the breakthrough consolidation solution
for Microsoft Windows servers. Find out how you can reduce the overall
Total Cost of Ownership (TCO) for SQL Server cluster deployments by as
much as 60 percent over three years!

New and Improved

Management and Security Appliance
KACE announced KBOX IT Management Suite 2.0, a server appliance for
midsized businesses that manages and monitors inventory, distribution,
patching, security, compliance, messaging, licensing, and performance
for the systems on their networks. When you add the KBOX Security
Enforcement and Audit Module, the KBOX appliance scans for and reports
on known security vulnerabilities based on the Open Vulnerability and
Assessment Language (OVAL) standard, which covers almost 1000
vulnerabilities and is sponsored by the United States Computer
Emergency Readiness Team (US-CERT) and the Department of Homeland
Security. KBOX also lets you deploy security policies with support for
automatic remediation, repair, and if necessary, network node isolation
(quarantine).

Internet Security News Home