Franklin S Werren by vivi07


									Franklin S Werren

Yes… I Do Play the Bagpipes!

• • • • • • • The Best ! The Worst ! They Invented Routers They Invented WAP’s (Wireless Access Points) They Invented WAP’s in Routers They Invented Software with Holes in it They Invented “Hackers” and “Crackers”

WHY ?
I do not Know!!! Maybe it is because of supply and demand and we have all become computer “NERDS!”

NAT Routers
• • • • • • • • • Usually stops most Hackers or “Crackers” Use 1 IP Address for many Computers Easy to use Web Interface Cheep !!! Plug and Play for fast and easy setup with a built in DHCP server Advance user can use Router to forward to 1 or more servers using Port Forwarding Easy to use for a Small Business environment Some routers can be set up to use Zone Alarm Pro and PC-Cillin by Advance Users Normal installs of NAT routers will not stop Viruses or Spy ware via e-mail, Browsing the web, and yes KIDS who like to play!

Wireless Access Point - WAP
• • • • • • • Some Models have a NAT Router built In Ease of use with default settings Low Cost Default Settings have no Security Many WAP’s are easy to “Hack” because the default password and SSID has not been changed The customers computer on a open WAP may be “Hacked” A number of new laptops being sold now have the Wireless Access Card as an internal device, already installed and operational, usually without the knowledge or understanding of the customer

Why should it concern the cable operator or ISP ?
(Internet Service Provider)

Hackers and Crackers use open WAP’s to pass Spam, Porn, Music and other “Wares” files that cannot be traded by any other way.

Open WAP’s can be used to crack into secured computer systems to steal credit card and customer info and leave no useable tracks for the police to use.

What can we as a cable operator do to protect our Plant and our ISP operation ?

Educate the customer on the use of WAP’s and how to secure them.

How do we secure a WAP ?
• • • • • • • Read the Docs and FAQ’s Update the Flash Memory Change the default password Turn off the Beacon and change the ssid Do not turn on the ability to admin the WAP or Router from the net Use WEP (wireless encryption protocol) at 128 bit Use a password with numbers and letters or use a password generator Use MAC address filtering Remember… WEP is not 100% secure even at 128 bit

• •

What else can be done?
• Use NetStumbler on a Laptop or a Palm CE with a good Wireless Card and a GPS in a service van to check your system for open WAP’s. NetStumbler is FREE!!! • You can do it at the same time you check your plant for cable leaks • Remember: You will also see WAP’s on other services • Change your TOS to include the use of a WAP and the use of WEP if needed

How Does Netstumbler Work?

What Else Does NS Do ?

Why should we scan for open WAP’s ?
• You could, or your customer could be held legally responsible for an open WAP • Laws are not clear at this time • Think of the guy in Toronto who used a WAP to pass “Kiddy” Porn from his car and was caught (with his pants down!)

What else can we do as a ISP/Cable Operator?
• • • • • • • Use an Active Firewall on your border routers Block outgoing port 25 except for your own mail server Block other ports that may be a security problem Keep your router and server software updated Change Admin passwords often and do not use easy passwords Use a Virus/Spam Wall on your mail server Educate your customers on the use of a Spyware Remover, anti-virus programs, Hardware and software Firewalls • Remember XP does have a Basic Software Firewall but it is usually not activated. Service Pack 2 for XP will correct that problem • Also educate your customers how to keep their software updated

There are no stupid Questions?
Franklin S. Werren

URL’s that would help and news://

To top