If you are having trouble viewing this email, click here to view this online



   ISSUE 29

28 December  2013

Article of the Month  Around the World

How to Secure Your Wireless Home Network


Wired or Wireless?

Wired LANs : Connects two or more devices via Ethernet cables. Wired LANs typically use central devices such as routers, switches, and hubs when it requires connectivity among a large number of computers.


 Wireless LANs: Connects two or more devices through air. The topology can be either infrastructure mode or Ad-hoc mode.
Even though both wired and wireless home networks are having their own advantages and disadvantages the current trend is installing wireless home networks instead of wired home networks. This selection is mainly based on three reasons.

� Ease of installation
� Mobility support
� Wireless is the future trend

Why wireless home networks are more vulnerable than wired networks?
Theoretically wireless LANs are less secure than wired LANs because wireless communication use air/ free space as its communication medium and hence any computer within the range and with a relevant hardware can grab the signal from the air and access the network unless you take necessary preventive actions. If an unauthorized person is able to access your network, other than stealing your sensitive data stored in your computer and consuming your network bandwidth, he can also use your network to attempt a crime, send spam, as a part of a Botnet which generates DDOS attacks. The activity could be traced back to you and you will be considered as the wrong doer.
The following tips can be taken as precautions against such activities and improve the security of your home wireless network.

1. Change default Administrator user name and password
Most home Wi-Fi networks use an access point or a router as their central coordinator. In order to configure these devices manufacturers provide web interfaces which are secured with a login screen where only the authorized users can do this. Those default usernames and passwords are well known to the hackers who are involved in this field. Therefore change the default settings as soon as possible. Also don�t forget to change the guest account settings too.

2. Change the default SSID
SSID is a network name used by access points and routers. Most of the manufacturers preconfigured their products with the same set of SSIDs according to their model. As an example Linksys devices are normally use �linksys� as their SSID. If an outsider sees SSIDs such as �linksys� or �NETGEAR� he probably thinks that this device left with the default Admin or Guest account credentials. If he is interested on accessing your network, he can easily do that since they are well known to the hackers. Therefore change your default SSID with a new one which does not hint the model of your device.

3. Disable SSID broadcast
Wireless access points and routers periodically broadcast the network name (SSID). This is a suitable feature if you consider a business environment or a mobile hotspot since clients will roam in and out of range. But if you consider a home network this is an unnecessary feature. This will also increase the risk of an outsider access into your network. Most of the manufacturers provide an option to the network administrator to disable this feature. Therefore make sure to use that facility.

4. Use WPA/WPA2 encryption
Encryption technology converts the clear text format into a human unreadable format and hence provides data confidentiality. All Wi-Fi equipment provides you the option of encrypting your data. Wi-Fi protected Access (WPA/ WPA2) provides more security than the WEP which can be easily cracked by hackers.

5. Use MAC address filtering
MAC address or physical address is a unique identifier given to a device at the time of manufacturer. Most of the wireless access points and routers are capable of keeping track of the MAC addresses which connect them. And most of the manufacturers give an option to the owner to configure a list of MAC addresses which allow connecting to the wireless network. Therefore devices other than the listed ones will be restricted to be connected to the network. By default this feature is disabled by the manufacturer. Therefore ensure to make use of this feature.

6. Assign static IP address to devices
Most home networks use DHCP technology to easily assign dynamic IP addresses to the devices which are connected to the network. This allows hackers to easily gain access to your network by stealing a valid IP address from your DHCP pool. Therefore in order to reduce this risk turn off DHCP on the wireless access point or router and set up a static and private IP address range. Make use of sub netting which allows only a required number of devices to be connected to your network. After that you can configure the devices connected according to the range.

7. Ensure that the devices are properly secured
Make sure to turn on your router�s firewall. And ensure to have up-to-date antivirus software, security patches, and also client firewall software on each connected computer to minimize the risk of malware infections.

8. Turn off the network during periods of non-use
If your wireless router allows you to turn off the network access to certain times of the day, and if you do not need the access during a particular period of time, configure your router to disable access during that period. This will surely prevent outsiders from accessing your network.

9. Locate the access point or the router in a secure place
Wi-Fi signals normally spread out of the home to an extended area. Those signals cannot be blocked by walls or other physical barriers. A large amount of signal leakage makes it easier for outsiders to detect and break into your home network. Therefore as a precaution, install your wireless access point or router near the center of your home instead of edges near windows to reduce the leakage to the outside.

10. Disable auto-connect to open Wi-Fi networks
Connection to an open Wi-Fi network will expose your computer and your sensitive data to outsiders. Most computers allow this connectivity without notifying the user. Therefore make sure you disable this feature.


W. M. Samadhi S. Silva

Samadhi is an undergraduate of Sri Lanka Institute of Information Technology
who is currently following B.Sc. (Hons) in Computer Systems and Networking.
Currently she is working as an Intern - Information Security Engineering at Sri Lanka CERT|CC




  Kenneth van Wyk: Enjoy your trip, but protect the data you take with you

�. . . .... I travel internationally quite a lot, and I have several security guidelines and rules that I follow. One of my top concerns is that, should a device of mine be stolen or seized by customs, all the data on that device, whether it's mine or my customers', will be adequately protected from prying eyes. Here, in no particular order, are some things to consider..."

  Facebook, Google, Twitter Users Among Nearly 2 Million Accounts Hacked by Botnets

'.... Cyber security firm Trustwave announced on Tuesday that nearly 2 million online accounts have been hacked, compromising the privacy of users of Facebook, Yahoo, Google, Twitter, and payroll service company ADP in nearly 100 countries. According to Trustwave, the violation was likely achieved using keylogging malware, began on October 21, and is possibly ongoing. CNN reports that Trustwave has alerted affected users of the security breach�.'

Pentagon Disconnects iPhone, Android Security Service, Forcing a Return to BlackBerry for Some


'.... Some military members who were working off Apple and Android-based smartphones and tablets now must return to using older model BlackBerrys because of a security service switchover, according to an email obtained by Nextgov and confirmed by Pentagon officials.

The Defense Department is building a new mobile device management system to monitor government-issued consumer smartphones on military networks, but it's not yet ready for prime time.......'

Anonymous hackers plead guilty to PayPal DDoS attack


'.... Thirteen defendants pleaded guilty in federal court in San Jose on Friday to charges related to their involvement in the cyber-attack of PayPal�s website as part of the group Anonymous. One of the defendants also pleaded guilty to the charges arising from a separate cyber-attack on the website of Santa Cruz County.......'

Financial services cyber security trends for 2014

''.... Five years ago, questions directed at boards of directors and senior executives at financial services firms on the toughest risk management issues might have resulted in responses like �liquidity risk,� �regulatory compliance,� or �bad debt.� Few, if any, would have mentioned cyber security. Today, the same question generates a much different answer......�

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in November 2013
 Fake + Harassment
 Gender wise
 Statistics - Sri Lanka CERT|CC


Google Nexus Phones Vulnerable to SMS Denial-of-Service Attack

'....Google is reportedly looking into a problem with the latest versions of Nexus smart phones that could force the devices to restart, lock or fail to connect to the Internet.

All Galaxy Nexus, Nexus 4 and Nexus 5 devices that run Android 4.0 contain a flaw that can render the phones vulnerable to a denial-of-service attack when a large number of Flash SMS messages are sent to them.......

Amazon opens civilian use of drones, I hack them

'.... Amazon company, the world�s largest online retailer, has recently announced that it is testing unmanned drones to deliver products ordered by the customers, the service could take up to five years to start.......�

The Brilliant Hack That Brought Foursquare Back From the Dead

'.... Crowley is the founder of Foursquare, the seminal social networking service that broadcasts your location across the net and serves you tips and deals based on where you are. This past February, the New-York-based startup boasted 40 million registered users, but it was facing competition from countless others � including the mighty Facebook � and as far as Crowley was concerned, his service had never worked as it should. Rather than automatically sending users tips as they moved from place to place, the Foursquare smartphone app required them to �check in� every time they wanted information about their location � a time-consuming process that rewarded sitting still rather than exploring and discovering new experiences.......'

Illustrates Car Security Threats


'..... As a tech paper disclosing how to hack into the network of electronic control units (ECUs) was making rounds on the Internet, many readers, including those of this publication, expressed skepticism: Taking the time to open up a dashboard and physically connect hardware (a laptop) into the car stretches the definition of hacking.p>

True, but the point of the car-hacking demo pulled off by Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at IOActive wasn�t really about how they broke into a car. The focus of their exercise was the mischief that they -- attackers or corrupt ECUs -- are capable of doing after gaining access to the ECU network.......

What threats will dominate 2014?



'.... Trend Micro released its annual security predictions report. The outlook cites that one major data breach will occur every month next year, and advanced mobile banking and targeted attacks will accelerate.

Critical infrastructure threats, as well as emerging security challenges from the Internet of Everything (IoE) and Deep Web, are also highlighted.......

Notice Board
  Training and Awareness Programmes - November/ December 2013
- 17-12-2013To 18-01-2014 Training on Graphic design and Animation National Institute of business Management


22-12-2013 Meeting with the beneficiaries of Global Partnership Programme with the Korean Delegation Auditorium, Ministry of Education
- 23-12-2013 Award Ceremony of National ICT competition New Art Theatre, University of Colombo
- 24-12-2013 Training programme for teachers selected for Educational TV Programme ICT Branch , Ministry of Education

Brought to you by: