[Greg135]

Hi there,

There has recently been a number of high profile incidents where hackers have accessed and compromised customer information. Also, several IM marketers have had their sites hacked into and have been locked out of their domains etc. Passwords have been accessed etc etc

I need more answers on how to stop the potential to be hacked...

It certainly concerns me bigtime. I'm responsible for IT in our office and it's a mission just to keep everyone updated and in sync with the latest patches and downloads. The security side is even worse.

To start with I have 4 questions:

- Does Roboform provide a good way of handling passwords? I mean is it effective in keeping passwords safe?

- Are there reliable password encryption devices out there that can effectivley block any malicious activity?

- Do you guys allow your children to use your work PC's? They have passwords and gmail accounts and play several online games? Does this potentially provide a weak link into your system?

- How do you guard against key loggers?

Are there others areas to consider?

Appreciate your responses....

Regards

Greg

[rhynes]

Greg, hacking happens more than you know. When the big box stores or a bank get hacked, "sometimes" it hits the news. But how many times do you see any news on small businesses getting hacked? It's a big source of information loss. Unfortunately this causes a mindset among other companies, it's not on the news, not hearing about it, it can't be happening.

I see many new clients every year and it never ceases to amaze me how many have viral infections and nobody realized. For the average small business, a virus is pretty much a gauranteed hack. Heck, just recently one client called me saying his 250 gig server was full but he only had 5 gigs of viable data. His server had a virus and was happily running a warez ftp site from the root of C: that was wide open to the world, over 200 gigs of movies and games, all company data was fully accessible.

Some people may not agree, but employees (and yes, many bosses) are the weakest link in the security chain. If you're going to get hacked, it's an employee that's going to do it tho it may be inadvertantly. Oh the stories that could be posted here.


Get a decent firewall, the off the shelf d-link and linksys don't cut it. You can get a cisco ASA5500 for less than a grand, money well spent considering a hack can cost you alot more. Install it and have someone verify it. A badly configured cisco is worse than an out of the box d-link or linksys. I won't use software firewalls anymore, they cause more problems than they fix.

Don't rely solely on antivirus software, there's no such thing as perfect.

audit the information on your network - this is a big one, what information do you carry on people. Do you have names, addresses, credit card info and such? That's the goldmine for hackers today, information theft for identity theft.

educate your users - Many users have the mindset that if it's there, they'll use it. NO!!! The network is the companies investment and they must protect it. When you explain the dangers of open surfing, the majority understand it and stop but there's always the odd one who presses on. The ones that keep pressing the issue are generally the ones who lose their job.

Along with education comes the acceptable use policy, there are many samples online that you can rewrite for your own use. This is the basic must for any business and it's free. Have employees read it (or explain it to them), have them sign it and date it. I've had businesses call me in to have a group talk with all employees, they bring in lunch and we have a laugh. Don't do it as a fire and brimstone, make it fun and foot the questions. You'll not only help your company in the matter, you'll help users at home at the same time.

Monitoring is another big one. I don't know where you are located but here, a business must tell users their activities are being monitored, this comes with the acceptable use policy. There are many monitoring products on the market, research them.

I won't allow the all in one password reminders on any network. I don't want to see passwords written down anywhere, it has to be remembered. If users can't remember passwords, tell them to pick a word they won't forget, capitalize the first letter and change any i to 1, e to 3, s to $, stuff like that. Makes a secure password they won't forget.


You mention kids on the network. If they are old enough to surf and have email? Generally no. As many parents know, when you have kids, you have viruses and malware. Your employees can be held liable for damage done to your network, kids can't be. Play it safe, if it's an ongoing thing, at least buy a copy of netnanny and allow a few sites for them to surf. Just yesterday I was at a clients to remove a virus, turns out their 13 year old son was surfing porn on the corporate computer and stashing it in a secure folder


Hope this didn't go overboard.

Rob.

[Greg135]

Hey Rob,

Firstly, thanks for the reply....

Secondly, you covered a lot of ground, stuff I have'nt even thought of - but things I need to get my head bent around...

We only have 4 PC's on the network so isn't a hardware router over the top?

I'm also getting more and more into Internet Marketing, so the security of servers, passwords, domains will be factors to consider. (again stuff I haven't yet researched)

Regards

Greg

[rhynes]

Have you ever had a virus on your network? Do you have any hardware firewalls now?

Antivirus or firewall software on the computer is considered a local quarantine. We all know there's no such thing as a perfect antivirus software or perfect firewall software, just read the forums, so many are infected for any given reason.

The higher end firewalls like the ASA or PIX (many different brands out there) when properly configured, acts like a network quarantine.

Considering theres over 130000 ports available with tcp and udp, and the average company needs only 5 to work? What do you have in place to close the rest of the ports?

You asked for opinions, i'm sure more will come.

[Nesjemannen]

I think Roboform password is very-well encrypted, yes.
I use it a lot - it's fantastic!


But if someone hacked into your computer, they would have to guess the roboform Master Password that you set as default to get your passwords - So don't make it a too-easy-to-guess one!

[rhynes]

yes, but considering so many computers are infected these days, so many don't know it. many trojans so nicely install a keylogger now, how safe is it? passwords stored in the head can't be hacked.

Try a program called pspv.exe, google for it. It may surprise you.

[Greg135]

Quote:

Originally Posted by rhynes

Have you ever had a virus on your network? Do you have any hardware firewalls now?

Antivirus or firewall software on the computer is considered a local quarantine. We all know there's no such thing as a perfect antivirus software or perfect firewall software, just read the forums, so many are infected for any given reason.

The higher end firewalls like the ASA or PIX (many different brands out there) when properly configured, acts like a network quarantine.

Considering theres over 130000 ports available with tcp and udp, and the average company needs only 5 to work? What do you have in place to close the rest of the ports?

You asked for opinions, i'm sure more will come.

Hey Rob,

I feel like I'm floundering....

We don't have any hardware firewalls in place. Basically we have a DSL router which is connected to a switch which in turn is connected to the 4 PC's.

As far as the other issues you noted, I don't have answers.

What is the first thing I should focus on?

Regards

Greg

[rhynes]

What's the brand of dsl router? That's the basic firewall protection.

[Greg135]

Hey Rob,
It's branded by our local telecomms provider, so it doesn't have a manufacturer logo on it. The model is ADSL 5102G.

I've looked at the software but it doesn't look as if it has any firewall management capabilities.

Any ideas?

Regards

Greg

[rhynes]

Yep, it's a basic router by the looks of it... If you're looking to get into the router, just type http://yourdefaultgatewayip (whatever your gateway ip is) and that should get you to a login page. the default user/pass is admin unless it's been changed.

[Greg135]

Rob,

Before I go any further with this I just wanted to thank you for your input...

I've been into the router before to check up on problems with the connection...

What should I be looking for in terms of managing the router as a hardware firewall? It pretty much looks as if all the settings are set to default.

Should I try and talk to the local telecomms guys to get more info?

Regards
Greg

[rhynes]

I don't even know how much managing you can do with it really. Try something, hit the following link, it's for GRC.com's port scanner. Steve gibson's site (grc.com) is a great source for info btw, grab a coffee some day and have a read.

https://www.grc.com/x/ne.dll?bh0bkyd2

Find and click on the proceed button. Then click on "all service ports".

Post back with the results if ports are open, closed or stealth. I'm curious now. It's just going to check your firewall from the outside, does no harm.

[Greg135]

Hey Rob,
Thanks for the link...

I ran the test, here are the results:
GRC Port Authority Report created on UTC: 2007-11-28 at 08:33:51

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Does this mean that the router is doing it's job effectively? What other things should I be doing?

Well this is a step in the right direction...

Regards

Greg

[rhynes]

ok. That means that the router is doing the job on incoming traffic, it's typical for the basic router/firewall.

If you don't want to invest in a better firewall, then there are some things you can do but it means trusting in your employees to do the right things. Goes hand in hand with education and being a team.

Your firewall will protect you from worms via the internet but not much more. It can't protect you from laptops or other media coming in from the outside. I've seen a few times when someone sneaks their home laptop in thinking it'll bypass restrictions at work but wind up flooding the network. Not good. Same goes for burned cd's, usb sticks or other portable media.

As you know, the other big ways to get infections is internet surfing and email.

If employees choose to surf whatever they want, it's only a matter of time. If you can keep it to the "business use only", which is difficult, it'll make everything better. Does your webhost have webmail? Get employees to start using it, they can access all emails at the source and delete spam and infections safely. Then download the rest with their email client. Takes a few extra minutes, bit of a hassle but it works.

Other than that, I don't know what else to tell you other than keeping your wits about you. There's only 4 computers on your network so it shouldn't be too hard for you. There are some free linux setups you can use if cost is an issue and you want to start playing. IPCOP is one I really like, it's an all in one box. Check it out here: http://www.ipcop.org


On a side note, how's your backup situation? Running fine? Copies offsite?

[Nesjemannen]

To prevent some damages made by employees surfing, getting into malicious sites, Download ZonedOut, And import the ZonedOut Restricted list I've made.

It will add over 36 000 sites into the Restricted area so that you can't visit them. THis including adult sites - Which they aren't supposed to visit at work.

Good Luck!