What do I do?


I am a CISSP, MCSA 2003 Security, CompTIA Security+ and I now have my sights on a CEH qualification.

                  

In contemporary society the importance of gathering, organising and manipulating data is well known. Virtually every business activity, public and private, requires the storage of large quantities of information in a format that is simultaneously readily available and easily updated. Securing the integrity, privacy and confidentiality of this knowledge is essential. I work in a team that is responsible for the development and implementation of IT security policies:

  • Assess faults and risks in an Information Technology environment
  • Develop a sound ethical Information Technology security policy
  • Establish an Information Technology security management structure
  • Manage and control computer networks with due regard for Information Technology security
  • Build Information Technology security into new computer software and hardware system implementations
  • Prevent and, if necessary in spite of best practice, manage crises
  • Ensure user compliance with agreed security policy.

My Top Ten Wireless Security Tips

 

1. Put the access point in the right place

2. Use MAC to stop a hack

3. Change the default wireless network ID (SSID) and hide it

4. Use 802.11i security

5. Remember WEP is not foolproof

6. Use VPN if at all possible

7. Use RADIUS servers if at all possible

8. Simplify your security: integrate wireless and wired policies

9. Don't allow rogue WLANs to sprout

10. Communicate with your Access Points using SSL or SSH.

 

IT Security advice

  • Get a good anti-virus program. Choices include, but are not limited to, F-Prot for Windows, Norton Internet Security 2004 and McAfee VirusScan 2004.
  • Get a good two-way firewall. Zone Alarm is a popular choice as it's free. The firewall that's included in XPSP2 is only a one-way firewall. Zone Alarm watches activity both inside your computer and out on the Internet. XPSP2's firewall is definitely better than not having a firewall at all, but for some people it's not enough.
  • Get a hardware-based firewall or NAT at the point of network entry. Why? Because many of us attach unpatched computers while installing, or want to play networked games, or have other reasons for turning off our software firewalls (some software won't work through firewalls). Plus, even if you don't turn them off, it provides one more barrier that hackers have to go through. Again, it's about layers of security and not needing to rely on any one security device.
  • Keep your systems patched. If you're not running the absolute latest software, you're vulnerable (and this is true if you're on Linux or the Macintosh too).
  • Run at least one good anti-spyware program like Ad-Aware or Webroot's Spy Sweeper or Spyware Blaster. That'll make sure that no spyware sneaks onto your system. With XPSP2 I've found that spyware is far less likely to get onto your system, but I've already found one site that has some spyware that gets past XPSP2. So, you'll still need to check, particularly if you visit "high risk" sites (sites that aren't known to you, for instance, or adult sites which are famous for putting spyware on your systems).
  • Use strong passwords. Combine first letters from a phrase. Think of a song, phrase or sentence, take the first letter of each word, alternate upper and lower case, and insert creative punctuation and/or a digit.
    "Friday the 13th was a scary movie" = f#13wAsM
    However, you can make this password even stronger by using special characters that look like letters. Never use a single word as a password -- hackers have dictionary cracking tools that can break such passwords.
  • Back up, back up, back up. Back up your data regularly. It's amazing how few people back up their stuff. Hard drives die. Things happen. If you have backups, you'll be OK even if your machine gets wiped by something.
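
The password tip above, as an added example (not part of the original page): a small check that rejects a single dictionary word even when it is dressed up with look-alike characters or a trailing digit, and confirms the mixed case and punctuation/digit the tip asks for. The word list, the look-alike table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "friday", "movie", "scary", "dragon", "letmein"}

# Look-alike characters mapped back to the letters they commonly imitate.
# (Assumed table; '1' is treated as 'l' and '!' as 'i'.)
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                            "0": "o", "$": "s", "5": "s", "7": "t"})


def variants(candidate):
    """Return the plain-word forms a candidate password may be hiding."""
    folded = candidate.lower()
    # A leading or trailing run of digits/punctuation is usually decoration
    # ("password1", "!dragon"), so also test the word with that run removed.
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", folded)
    return {folded.translate(LOOKALIKES), stripped.translate(LOOKALIKES)}


def check_password(candidate, words=SAMPLE_WORDS):
    """Return the reasons to reject a password; an empty list means it passes."""
    problems = []
    if variants(candidate) & words:
        problems.append("single dictionary word")
    has_lower = any(c.islower() for c in candidate)
    has_upper = any(c.isupper() for c in candidate)
    if not (has_lower and has_upper):
        problems.append("no mixed case")
    if all(c.isalpha() for c in candidate):
        problems.append("no digit or punctuation")
    return problems


if __name__ == "__main__":
    for pw in ("f#13wAsM", "P@ssw0rd1", "$cary", "dragon"):
        print(pw, "->", check_password(pw) or "ok")
```

The phrase-derived password from the tip passes, while a single word with look-alike characters swapped in is still reported as a dictionary word.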

 

Recent Security Alerts

 

Microsoft Security Bulletin Advance Notification

October 2005
Bulletin: http://go.microsoft.com/fwlink/?LinkId=54789

 

 

 


 
Security resources:
 
Microsoft Security
Linux Security
Gibson Research Corporation
Domain Dossier
Study Guides


Copyright 2004
Des Massicott
des@massicott.co.uk
Last updated: 20/09/2005