IS YOUR NETWORK SECURE? ARE YOU MAXIMIZING YOUR NETWORK CAPABILITIES?

 


What are our thoughts on a wireless network?

Not needing to wire up an office or home is a major convenience; however, it comes with the task of securing your wireless network. You don’t want your neighbors or strangers to have access to your personal files, and not securing your network is like opening your front door to all.

What do you need to know when you are setting up a wireless network?

  • For security options, we suggest using WPA (not WEP, since WEP is hackable).
  • The passphrase should be a random mix of letters and numbers.

 

Ever wondered what the difference is between the PASSWORD and the PASSPHRASE?

The password is used to log into the router settings.

The passphrase is used when you are attaching a new device to your wireless network.

What do you need to set up a wireless network?

To set up a network you need:

  • Internet connection
  • Router

Please note: Sometimes the modem and router are combined into one device.

What does it mean to “lock” your wireless network?

Locking your wireless network is essential to network security.

Locking your network simply means making sure it is secure so that no one can enter into your network.

Each router’s menus are slightly different, but you are looking for:

(a) Select “wireless settings”

(b) Select “security options”

(c) Select “WPA”

Which router do we recommend?

We recommend: Linksys and Cisco routers.

When updating to a wireless network, what should you consider?

  • Confirm the router(s) will reach all the computers in your home or office.
  • The effect on the network infrastructure
  • Reconsider the necessary security measures
  • Clamp down on unauthorized access (employees logging in from home…)
  • Future upgrades

 

The experiment:

In 2008, Herbert Thompson* wanted to show the public how easy it was to access someone’s personal information and bank account.

He ran the experiment on someone he barely knew, a girl named Kim. Using what he knew about her (her name, where she was from, where she worked and roughly her age), he was able to access her bank account in ONLY 7 STEPS!!!

 

Read below to see how he did it – in the days before Facebook!

Step 1

Google search. He googles her. Finds a blog and a resume. (Thompson called her blog a “goldmine.”) He gets information about grandparents, pets, and hometown. Most importantly he gets her college email address and current Gmail address.

Step 2

Next stop: Password recovery feature on her bank’s web site. He attempts to reset her bank password. The bank sends a reset link to her email, which he does not have access to. He needs to get access to her Gmail.

Step 3

Gmail access. He attempts to reset her Gmail password but Gmail sends this to her college email address. Gmail tells you this address’ domain (at least it did in 2008 when Thompson conducted the experiments) so he knew he had to get access to that specific address.

Step 4

College email account page. Thompson clicks the “forgot password” link on this page and winds up facing a few questions. Home address, home zip code and home country? No problem, Thompson has it all from the same resume, the one found through the simple Google search done earlier. Then came a stumbling block: the college wanted her birthday. But he only had a rough idea of her age, no actual birth date.

Step 5

State traffic court web site. Apparently, you can search for violations and court appearances by name! And such records include a birth date. (Facebook also makes this piece of data very easy to get even if people do not note their birth year… Remember Thompson knew roughly how old Kim was.) But he had no luck with the Department of Motor Vehicles.

Step 6

Thompson goes back to the blog and does a search for “birthday.” He gets a date but no year.

Step 7

Finally, Thompson attempts the college reset password again. He fills in her birth date, and simply guesses the year. He gets it wrong. But the site gives him five chances, and tells him which field has the error. So he continues to guess. He gets access in under five guesses. He changes her college password. This gives him access to her Gmail password reset email. Google requires some personal information which he is able to get easily from her blog (e.g., father’s middle name.) Thompson changes the Gmail password and that gives him access to the bank account reset password email. Here again he is asked for personal information, but nothing that he could not glean from Kim’s blog (e.g., pet name and phone number.) He resets the bank password and bingo, has immediate access to all her records and money.
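The weak point in Step 7 is a reset form that names the wrong field and allows repeated tries. As an added example (not from the original post or any real site's code), this Python code puts that behaviour beside a hardened check; the record, field names, account id and three-failure limit are constructed assumptions.

```python
# Added example: constructed data and hypothetical names throughout.
import hmac

RECORD = {"zip": "10001", "country": "US", "birth_date": "1985-03-14"}  # constructed
MAX_FAILURES = 3  # assumed policy: lock the reset flow per account


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so response timing does not hint at a match.
    return hmac.compare_digest(a.encode(), b.encode())


def verify_leaky(answers: dict) -> dict:
    """Behaviour described in Step 7: names the first field that is wrong."""
    for field, expected in RECORD.items():
        if not _same(answers.get(field, ""), expected):
            return {"ok": False, "error": f"{field} is incorrect"}
    return {"ok": True}


class ResetVerifier:
    """Hardened form: one generic failure message, lockout counted per account."""

    def __init__(self, records: dict):
        self.records = records
        self.failures = {}

    def verify(self, account: str, answers: dict) -> dict:
        if self.failures.get(account, 0) >= MAX_FAILURES:
            return {"ok": False, "error": "reset locked, contact support"}
        record = self.records.get(account, {})
        # Check every field (no early exit) so all failures look alike.
        results = [_same(answers.get(f, ""), v) for f, v in record.items()]
        if record and all(results):
            self.failures.pop(account, None)
            return {"ok": True}
        self.failures[account] = self.failures.get(account, 0) + 1
        return {"ok": False, "error": "details do not match our records"}
```

With the hardened verifier, a wrong zip code and a wrong birth year produce the same response, and once the limit is reached even correct answers are refused until the account is unlocked through another channel.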
