India. Is that internal address an ip camera? Lots of times the host offshore.
Great Info! BTW, I put my password into emails and save them in a
separate folder - but I decided someone could hack my email and get
all of my passwords. So I installed "Dashlane" which generates and
saves password info. It doesn't produce 14 digit passwords so
I'll need to change this to longer pw's as you suggest --
Thanks! At least I'm not writing them down anymore ;-)
I checked the log in my router (it does have MAC) and found this and
others like it that say "[LAN access from remote] from
117.202.195.89:14815 to 192.168.1.3:26472, Wednesday, Feb 04,2015
05:00:42" (192.168.1.3 is one of my devices). How can I find out
what 117.202.195.89 is? Will whois?
LarryT
On 2/3/2015 10:37 AM, Rick Moseley
wrote:
George,
Sure... See bullet
one below for starters. Usually (as you mention) you have
financial records on your computers at home and they are
usually tied to the home network so they can get to the
internet. Having a wifi access point (AP) is just a way for
those of the "nefarious" bent to get into your system.
Having wifi devices you use outside the house then bring
back into the house is another way hackers can get to you.
Strong password... fictional phrase sorta
like assault rifle. It used to be passwords were set into 7
character hashes, so a good password exceeded 14
characters. As an NSA security guy used to say in his
seminars, a long easy to remember password is better than a
shorter complicated password (i.e., YellowBrickRoad is a
better password than Dki73@jt$K). Why? You can remember the
long easy password and not have it written down. Yes, in
corp. environments people used to (and probably still do)
write them on post-its and keep them under their
keyboards.... So long password still applies for system
passwords but generally when someone is "warring" your wifi
they are getting the whole password anyway so the length is
not so critical there anymore. For more on this look to
someone like Darren Kitchen (Hak5Darren) online and he's
made some amazing youtube videos that show you how to
perform such hacks as "man in the middle" where you use off
the shelf apps on a Linux laptop and can sit around any
public wifi and collect the passwords. Basically, they
monitor your communication while online. They can interrupt
your connection and when it reconnects, it resends the
password and they have it. Well, if they can do it on
public wifi they can do it on the private too.
So, what do you do for your wifi? Some
thoughts in no particular order. Some will sound Greek I'm
sure:
- If your router lets you do MAC filtering, use it... but the really
  sophisticated hacker can spoof MAC addresses too
- Still, use a password in excess of 14 characters. It forces those
  doing brute force attacks to take much longer. They'll move on to
  someone less cautious. It's sorta like using "the club" on your
  steering wheel. Not really a deterrent but the lazy thief will leave
  you alone and go after the car next to yours that doesn't have one.
- Segment your network (smart switch or virtual addressing). Keep the
  wireless routers on a separate segment from the main computers. This
  way if your wifi gets hacked they can't get to the main PCs. If your
  devices you take in public get compromised they can't infect or
  allow access to PCs on the other parts of the network
- Same goes for your wired or wireless IP cameras (they host out so
  they too are vulnerable)
- Run a UTM on your network entry point (dsl, cable, satellite)
  Unified Threat Manager. This can be software on your main router or
  a software based router running on a PC (an old PC used as a UTM
  will still be faster and have more memory than even the best
  consumer grade "plastic box" routers on the market).
- Run VPN software on your mobile devices. Any time you are on public
  wifi you should be running a VPN. Safest way to protect your data
  stream from being compromised. Often times with compression turned
  on it's even faster too.
- DON'T leave your wifi devices online when you are at a hotel. Use
  them, turn off wifi when you are done. Leaving a mobile device
  online all night in a hotel is the most common place devices get
  hacked
There is
more than can fit here but these are some basics. I run a
pfSense box at home behind my DSL terminal adapter (modem).
It runs Suricata as a real time network scanner. Through a
smart switch I run 4 separate network segments and heavily
control the traffic between them. My little nobody house
network in the mountains gets hit on by the Chinese and the
RBN (Russian Business Networks) on average 2500 times a day.
SO DOES EVERY ONE OF YOURS!!! Your systems just don't show
you. Sooner or later they'll find a hack that works or
probably already have if you run a plastic box. Bottom line,
you have to compromise or stack security. The only true
secure network is UNPLUGGED. Our government is doing little
or nothing to limit our exposure to these attacks.
Here's
just a handful of Emerging Threats from this morning's log...
I don't run any sort of a sql server... but they have found a
weakness and they are hunting. I removed my IP address from
the data but left the origins there. Go ahead, take a
look... they'll have obscure pathways that either timeout or
take you offshore.
Date | Time | Pri | Proto | Class | Src | SPort | DPort | SID | Description
02/03/15 | 07:11:36 | 2 | TCP | Potentially Bad Traffic | 218.77.79.38 | 36689 | 1433 | 1:2010935 | ET POLICY Suspicious inbound to MSSQL port 1433
02/03/15 | 06:51:40 | 2 | TCP | Potentially Bad Traffic | 66.240.192.138 | 1590 | 5432 | 1:2010939 | ET POLICY Suspicious inbound to PostgreSQL port 5432
02/03/15 | 06:50:54 | 2 | UDP | Attempted Information Leak | 62.210.188.66 | 5093 | 5060 | 1:2008578 | ET SCAN Sipvicious Scan
02/03/15 | 06:50:54 | 2 | UDP | Attempted Information Leak | 62.210.188.66 | 5093 | 5060 | 1:2011716 | ET SCAN Sipvicious User-Agent Detected (friendly-scanner)
02/03/15 | 06:10:35 | 2 | UDP | Attempted Information Leak | 62.210.188.66 | 5098 | 5060 | 1:2008578 | ET SCAN Sipvicious Scan
02/03/15 | 06:10:35 | 2 | UDP | Attempted Information Leak | 62.210.188.66 | 5098 | 5060 | 1:2011716 | ET SCAN Sipvicious User-Agent Detected (friendly-scanner)
02/03/15 | 05:44:10 | 2 | TCP | Attempted Information Leak | 61.240.144.66 | 60000 | 11211 | 1:2009582 | ET SCAN NMAP -sS window 1024
02/03/15 | 04:52:53 | 2 | TCP | Potentially Bad Traffic | 117.21.173.177 | 6000 | 1433 | 1:2010935 | ET POLICY Suspicious inbound to MSSQL port 1433
02/03/15 | 04:02:09 | 2 | TCP | Potentially Bad Traffic | 66.240.192.138 | 15715 | 3306 | 1:2010937 | ET POLICY Suspicious inbound to mySQL port 3306
02/03/15 | 03:40:34 | 2 | TCP | Potentially Bad Traffic | 61.160.224.129 | 48142 | 3306 | 1:2010937 | ET POLICY Suspicious inbound to mySQL port 3306
02/03/15 | 03:23:30 | 2 | UDP | Attempted Information Leak | 212.83.132.65 | 5115 | 5060 | 1:2008578 | ET SCAN Sipvicious Scan
> <snip>
The problem with most wifi devices is they don't
have robust security. If you are like Stephen and
I and live in the country it's not such a big
issue. If you have close neighbors... Ya pays your
money, ya takes your chances. Wifi is just so easy
to hack. I could go on for days how to configure
wifi security and the really bright boys can still
get into your network in less than a minute.
>
> Rick
Rick,
I know why *I* want
secure wifi, but I wonder if you would expand
on your reasoning for its importance. Mainly,
I'm wondering if there's reasoning I haven't
taken into account.
FWIW - we just got a new
wifi router - Apple Airport Time Capsule
(3TB). Chose it for both the backup storage
and the 802.11ac wifi. Before, w/ an "n" (I
believe) wifi router (provided by Comcast, our
POS ISP), our iPads could barely keep
connected, when only about 30' away (granted,
this 30' would be in a straight line from
upstairs to router location downstairs - but
still!). W/ the 11ac router, we can go
anywhere in the house and maintain a strong
signal. Besides a strong wifi password, are
there other steps I can take to strengthen the
security? Note that, while online banking is
part of my regular routine, I do not keep the
computer powered on when not in use, nor do I
store any other financial info on it. Also,
I do *NOT* use iPads or phones for anything
financial... Now, the wife on the other
hand.....
Thanks!
_________________________________________________________________
To unsubscribe or modify your subscription options,
please visit:
http://lists.ferrarilist.com/mailman/options/ferrari/ramosel%40pacbell.net
Sponsored by BooyahMedia.com
and F1 Headlines
http://www.F1Headlines.com/
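
An added example, not part of the thread: one way to tally router log entries of the form LarryT quotes, showing which LAN device and port is being reached from outside and which remote addresses are worth a whois lookup. Only the first sample line comes from the thread; the other sample lines, the `[admin login]` entry format and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime

# Entry layout as quoted in the thread:
# [LAN access from remote] from IP:port to IP:port, Weekday, Mon dd,yyyy HH:MM:SS
ENTRY = re.compile(
    r"\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+), "
    r"(?P<when>\w+, \w+ \d{1,2},\d{4} \d{2}:\d{2}:\d{2})"
)

SAMPLE = [
    # First line is the entry quoted in the thread; the rest are constructed.
    "[LAN access from remote] from 117.202.195.89:14815 to 192.168.1.3:26472, Wednesday, Feb 04,2015 05:00:42",
    "[LAN access from remote] from 203.0.113.7:40112 to 192.168.1.3:26472, Wednesday, Feb 04,2015 05:03:10",
    "[LAN access from remote] from 117.202.195.89:14990 to 192.168.1.3:26472, Wednesday, Feb 04,2015 05:07:55",
    "[admin login] from source 192.168.1.2, Wednesday, Feb 04,2015 05:10:00",
]

def parse_entry(line):
    """Return the fields of one inbound-access entry, or None if it is not one."""
    m = ENTRY.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        when = datetime.strptime(m["when"], "%A, %b %d,%Y %H:%M:%S")
    except ValueError:  # malformed address or date
        return None
    return {"src": str(src), "sport": int(m["sport"]),
            "dst": str(dst), "dport": int(m["dport"]), "when": when}

def summarize(lines):
    """Map each LAN endpoint reached to a count of the remote sources hitting it."""
    by_target, skipped = defaultdict(Counter), 0
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            skipped += 1
            continue
        by_target[(entry["dst"], entry["dport"])][entry["src"]] += 1
    return dict(by_target), skipped

if __name__ == "__main__":
    targets, skipped = summarize(SAMPLE)
    for (host, port), sources in targets.items():
        print(f"{host}:{port} <- {dict(sources)}; {skipped} other line(s) skipped")
```
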