WeekEnd Feature: Shut that door!

by Ian Thompson, CCSP Staff Editor
March 27, 2004

Hopefully, after even just a casual lurk in a place like this, most users would have realised the dangers of having a PC online without a firewall, or anti-virus software. Even something a little bit more specialist, like proxy filters, spam filters, anti-Trojan software and script-checking utilities are worth the while because they all tackle the obvious ways through which an unwelcome visitor can gain entry.

But how many ways in are there?


Virtual sockets.

Sounds good, eh? Sounds like a new protocol to cope with more than 65535 standard ports – let’s call it ‘port-sharing’ or ‘port-multiplexing’. Get it patented! “Port-Multiplexing – connectivity for the IPv6 age!”

Actually, I’m talking about wireless networks - might as well start with something a little more familiar than fanciful inventions of a tired brain.

WiFi is the current vogue in networking, We’ve got point-to-point, personal area, wireless LAN, community area and so on – all different ranges or coverage, depending on our needs. Except that even the humble home WiFi router can be detected well beyond the reported range given by the wireless network card in the roaming laptop. In case you’re wondering, just check out the different aerial styles and the spread patterns they give – a couple of parabolic directional antennae can reach to each other well beyond the area that the average Centrino laptop can connect.

Therefore, this is one of the more obvious doorways into a system. I say obvious, but if a PC has the usual panoply of protective software, then a WiFi connection shouldn’t pose too much of a problem. There are a few tips for dealing with them:-

1. If you use access points, then set everything to infrastructure mode – this will block ad-hoc (computer to computer) connections that may create what’s known as a ‘man-in-the-middle’ attack. This is where a miscreant’s laptop intercepts your transmission by pretending to be the router, then forwarding things on to the actual router in a chain. A copy of everything that passes through the middleman is kept for further analysis later.

2. Change the default SSID and administrator passwords.

3. Set whatever security methods available to their maximum. Often, this means 128bit WEP keys and higher. Since WEP is not really that secure on it’s own, investigate some form of security key rotation system, where the access key is swapped for another at regular intervals.

4. Don’t be fooled by claims that WPA is stronger than WEP – the difference is not huge, and WPA has problems of its own. This is a shame, because the hype would have us all believe that WPA was the answer to all those WEP blues.

5. Check the actual transmission range needed. Set everything to maximum output, go to the likely places with a laptop and measure the signal (a crude look at the network connection properties reveals an indicator of sufficient definition). If all places are covered at 60-100% signal, turn the strength down a bit. Even home equipment is capable of covering an area of between 100-130 m radius – in my case, this would cover about 100 people living in the surrounding area.


Enough!

Okay, so there are many documents available that detail the securing of WiFi, but here are a few more interesting points.........

1. Pilkington ‘K-Glass’ is fitted as standard to new glazing in the UK. This glass has a thin metalised layer on one surface, and is normally fitted in double-glazing units, so tends to go on the inside to prevent damage by scratching. It’s primary function is t reflect heat back into the building, thus cutting down on fuel usage. Thos who have tried this next bit will testify the K-Glass stops WiFi transmissions. I’ve had two laptops, one on either side of a K-glass unit, and the one on the ‘outside’, away from the AP, had zero signal strength – the one inside had 80%. K-Glass works better than wire-armoured stuff (thought this can also be used to shield areas from WiFi signals).

2. Study a radiation diagram for the strength of signal if possible. I’ve called these ‘isorad’ diagrams, since they join points of equal strength, rather like the isobar indicator on a weather forecast map.

Armed with the appropriate knowledge, a user can understand the likely places where a casual observer might try the same. Forewarned is forearmed, as they say.


This is still wireless networking....

As is the next doorway – Bluetooth. Ostensibly a shorter range, some Bluetooth signals can rival WiFi for coverage. However, less protective tools are available for this. A host PC would still rely on its security software to deal with these new points.
There are methods of gaining access to information that do not rely on creating a conduit through a computer.


Nice phone, Jack. But it’s not as good as mine…

Let’s move away from PCs into other networked devices. Perhaps the most common is the cell phone, which is connected to its host network whenever it’s switched on and signed in. Most phones do not pose a security risk in the way you’d think, because it is unlikely that they can be used to create ad-hoc connections without their owner’s knowledge. Even a request to view files over Bluetooth requires confirmation or acceptance.
No, it’s more the other ways in which information can be transmitted. Like visual. A photograph or SMS text message can convey enough information to create a security breach.

How many system managers consider the risks of the modern camera-equipped mobile? And yet, they are capable of photographing sensitive information, passwords or codes and then transmitting them anywhere in the world providing they can find a host network. Given that most have sufficient RAM, pictures and video can be saved until later, when a network may be available, thus defeating the use of signal jamming equipment.
It is no surprise that employers and others dealing in confidential environments (such as examination systems) are now having to legislate against these devices.


How about the photocopier?

I’ve just noticed that Sharp have apparently seen fit to equip its AR range of printer/copiers with something called a ‘data security kit’ see sharpinbusiness.co.uk. This includes the sort of data-overwriter that may be used by the paranoid (like me) to undertake what’s commonly called the ‘US DoD 5220.22-M section 8.306 standard’. Snappy, huh? Basically, it will destroy any trace of the saved file that may have temporarily rested on the printer’s storage (which on big office units is often a common hard drive unit) by over writing it at least seven times with random junk.

There’s a bunch of other stuff as well – you’ll wonder how you ever coped with that old HP 4si unit…


I can see what you’re looking at…

And I don’t need fancy software like NetOp Control…. If you’ve ever seen the UK’s TV detection service (part of the TV licensing side of things, to make sure we all pay for our dear beloved BBC), they are able to detect the presence of TV receiving equipment just by the RF emissions given off by the average CRT and tuning circuits. Some systems specify LCD monitors to counter this – they have far less power output for a start, and the absence of a large magnetic field prevents the remote image capture from working.

Even then, many PCs are being equipped with wireless keyboards that, if radio frequency types, can be intercepted without the need for key logging software.

Speaking of which, we recently had a visit at school from an ex-serviceman, Mark Threadgold, (see his exploits at http://www.st-dunstans.org.uk/) who had been made totally blind around 1999. One of the cool tools he showed us was a screen reader package called HAL that converted, through a complex process of integration between different components, anything on screen into the spoken word. Easy enough for a word-processor, since it could follow the cursor, but much more difficult for things like Internet browsing, or simply using InstalShield application installation software. It made sense of a graphical screen. The technology could easily be adapted to make sense of the images on someone else’s monitor…

And finally…

I leave you with an interesting read – www.bcs.org/turing - 2004 lecture headlined with the phrase ‘Data security is let down by the shortcomings of users’. Do what you want to the systems – they won’t ultimately let you down… remember, there’s always someone out there who will make the phrase ‘foolproof’ look silly.




by Ian Thompson ComputerCops Staff Editor



Ian Thompson is a Network Manager of a 500-PC, 9-server, 1700-user school network and is an ICT teacher at a UK high school near the city of Leeds. He has written articles for the Hutchinson Encyclopedia, plus many resources in support of teaching ICT in the UK schools' National Curriculum.


Copyright © Ian Thompson All Rights Reserved 2004.