The first thing that I see as a problem usually does not involve expert cracking. Freely available on the internet are many programs that focus on specific vulnerabilities in a particular operating system, protocol or other feature of your network. Most cracks involve something as simple as a Trojan horse, which will leave a backdoor account open to the cracker. Young teenagers have been known to utilize such tools effectively, even against some corporate giants.
It is because of these types of attacks that users (even if it is your family hooked up to a small LAN on a cable modem) need to be educated about some basics that will stop most typical hackers.
First of all, lets talk about passwords. Many of these tools that I have mentioned will expose null passwords. This means that if you do not enter a password when you log in, these scanners will show that to the potential offender, and then the hacker can easily take control of your system. There are many schools of thought on how complex a password should be. We won’t go there. It depends entirely on your data and how secure you want your system to be. Generally speaking, eight characters in length with a mix of upper and lower case letters, numbers, and symbols such as “_” or “-” will bring most brute force cracking engines to their knees, or at least keep them busy for an awful long time.
Another thing to keep in mind is default user accounts. Disable or delete all default user accounts that you can, and then set up real user accounts (with passwords) for all of your users. Be sure that all of your users can log on properly and that at least one of those users has administrative privileges before deleting or disabling the default accounts. In summary, make up your own password policy and make sure that your users to follow it.
The next item up for discussion is email attachments. I have two points that I can’t emphasize enough;
1). Install antivirus software. (ahem, INSTALL ANTIVIRUS SOFTWARE.) Also, keep it up to date. Most new virii are aimed at the corporate giants who seem to find a remedy very quickly. Thus by the time you receive any given virus you will probably have the appropriate software already installed.
2). Save the attached file in a folder before opening. I leave a folder on the desktop just for this. My reasoning behind this is that nine times out of ten your antivirus software will recognize the infected file when you attempt to copy it.
Another interesting point to consider when opening attachments: it is more likely that you will recieve a virus from someone that you know rather than a total stranger. Most virii propagate by using addresses they have found on a victims contact list. The chances are high that your address will be in someone that you know’s address book, rather than a complete stranger’s.
In summary, always check attachments and verify that they are clean before opening. It is also a good idea to ask people that you know that do send you attachments to send an email ahead of time to inform you that the next email will contain an attachment and that it is safe and not a virus.
Last but certainly not least is physical security of your machines. Keep them locked up as much as is practical. Lets face it, anyone with a bootdisk can have control of an unlocked computer. Machines with sensitive data should always remain under lock and key. Many hackers can exist inside of your network. It is better to keep the honest people honest than to have to recover from data loss; especially when that loss is a direct result of someone having access and/or privilieges that they did not need and obviously did not deserve.
For the truly paranoid (although this does not really affect your end users), be aware of where your network cabling is. It is not that difficult to hide a laptop with a packet sniffer running in a crawlspace.
In conclusion, all of the best firewalls and security software in the world are not going to help you if your users are leaving machines wide open to anyone who wants access to them. If you can educate your users on the importance of security (i.e. there is no business if all of your trade secrets have been leaked out…) and what they need to do to keep their individual systems secure, you have just reduced the potential success of a majority of attacks.
nmap is one of the most powerful port scanners available. It is extremely configurable and excellent documentation exists for it. nmap is even available for most common operating systems, including Windows NT, Linux, Solaris, Unix, Mac OSX, and more. The best thing about nmap is that it is 100% free.
Jay Fougere is the IT manager for the Murdok network. He also writes occasional articles. If you have any IT questions, please direct them to Jay@https://murdok.org.
