Protecting Your Passwords From Hacking

You can have the best security software and hardware deployed in your home and office, but if someone can easily guess your passwords, you’ve left the worst possible hole open to hackers.

Strong passwords should be the norm. Too many people do not take password selection to heart and leave themselves open to the easiest method that hackers use to compromise data. You may laugh when you read that numerous people use the word “password” as their account password. If you are one of those people who do use “password”, I’m sorry, but keep reading. Another common one is the series of numbers 123456. A lot of sites that don’t require strong passwords will at least require six characters, which is why some people lazily pick the six-number sequence.

Hackers break into systems by easily guessing some passwords, and for others they run password cracking software. A password cracking program will run through a dictionary, common password phrases, and birth date combinations. Once a password is cracked, you are vulnerable to loss of privacy and to identity and financial theft. Your computer could also be used by the hacker to victimize other computers.

Here are some tips for better password use.

1. The longer the password the better. You may worry about remembering a longer password, but there is a trick that you can use. Try to create a phrase that you will easily remember and use the first letter of each word in the phrase. If you throw in some numbers or characters, you will really have boosted the strength. Here’s one example of that technique. Say you love your mom’s cooking, and who doesn’t? “I love my mom’s cooking no matter what she makes!” becomes Ilmmcnmwsm! If you capitalize the letter I, follow it with lower case letters and throw an exclamation mark on the end, you’ve built a pretty hard to crack password.

2. Do not use text found in the dictionary. A password cracker program can run through millions of words in seconds. I have seen them work, as part of my computer forensics training. Some password cracking programs are freely available on the internet, and others, which can crack specific programs, are sold.

3. I know you may not want to, but change your passwords on a regular basis. Some recommend that you do so every two to three months. Set a reminder on your calendar program.

4. If a hacker gets sent to a password reset link, then they will guess the answers to your security phrases. If you pick simple ones, then you have just made the hacker’s task a little easier. It was reported that Vice President nominee Sarah Palin’s email was hacked because the hacker had done some research on her. The report said that he knew her zip code, birthday, and where she met her husband.
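The tips above can be turned into a quick self-check. This is an added example, not part of the original article: it builds the first-letter password from tip 1 and screens candidates against the three things the article says a cracking program tries (dictionary words, common passwords, birth date combinations). The word lists, the 10-character minimum and the function names are assumptions made for the illustration.

```python
import re

# Constructed sample lists; a real screen would load a full dictionary
# and a published list of common passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}
DICTIONARY = {"cooking", "sunshine", "dragon", "monkey"}
# Birth-date shapes such as 04121985, 4/12/85 or 1985-04-12.
DATE_RE = re.compile(
    r"\d{1,2}[/.-]?\d{1,2}[/.-]?(\d{4}|\d{2})|\d{4}[/.-]?\d{2}[/.-]?\d{2}"
)

def initials_password(phrase, suffix="!"):
    """First letter of each word in a memorable phrase, plus a symbol."""
    words = re.findall(r"[A-Za-z'’]+", phrase)   # keeps "mom's" as one word
    rest = "".join(w[0].lower() for w in words[1:])
    return words[0][0].upper() + rest + suffix

def screen(password, min_length=10):
    """Return the reasons a password would fall to quick guessing."""
    problems = []
    lowered = password.lower()
    # Strip digits and symbols so "Cooking2024!" is still seen as "cooking".
    core = re.sub(r"[^a-z]", "", lowered)
    if len(password) < min_length:            # assumed minimum, tip 1
        problems.append("too short")
    if lowered in COMMON_PASSWORDS:
        problems.append("common password")
    if core in DICTIONARY:                    # tip 2
        problems.append("dictionary word")
    if DATE_RE.fullmatch(password):
        problems.append("looks like a date")
    return problems

if __name__ == "__main__":
    phrase = "I love my mom's cooking no matter what she makes!"
    candidates = [initials_password(phrase), "password", "Cooking2024!", "04121985"]
    for pw in candidates:
        print(f"{pw!r}: {screen(pw) or 'passes the screen'}")
```

An empty result only means the password avoided these particular guessing patterns; it is not a measure of overall strength.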

There are some software tools and hardware devices that can help you secure your passwords. I will write about some of those in a future article. For now, use the best passwords you can and make them strong.

Greg Doig is owner of StratusClick Consulting. Visit him at http://stratusclick.com

Article Source: http://EzineArticles.com/?expert=Greg_Doig
http://EzineArticles.com/?Protecting-Your-Passwords-From-Hacking&id=4243427

Is Your Router One of the Six Million Vulnerable Devices on the Internet?

I last spoke about the benefits of using a NAT Router for your home and office when connecting to the Internet. As discussed this provides added security because it hides or masks the computers on the LAN or internal private side of the router from unwanted inbound traffic originating from Internet scanning, worms and hackers.

For your router to provide its full security benefits it has to be configured correctly. Leaving the manufacturer’s default passwords in place and allowing the administrative interface to be accessible from the Internet has left many a device vulnerable. How big a problem is this?

A report by Wired showed that 21,000 devices were open to remote attack because they failed to change the manufacturer’s default password and their administrative interface was viewable from anywhere on the Internet. Wired also reports that the researchers, extrapolating from the numbers they gathered were able to estimate that 6 million devices connected to the Internet are likely vulnerable.

So don’t become a victim. One of the first things you need to do is change the manufacturer’s default password on your router. You should also disable remote administrative access on the Internet-facing interface. You can administer the router from the private wired LAN side of the router. There should be no need to administer the router from the Internet. If this is something that you must do, and if your router supports it, then configure your router to accept VPN client connections. This way you will be able to connect to your router from the Internet through a secure IPSEC tunnel. Once connected, you can administer your router just as if you were at home or in the office, connected to the private LAN side. This method is secure and doesn’t expose you to the brute-force password-cracking attacks you may be vulnerable to if you have remote administration enabled.

Here are some additional router configuration options to think about. Universal Plug and Play should be disabled. This feature allows Windows to configure your router on the fly, opening a potential hole through your router. Almost all NAT routers also double as an SPI (Stateful Packet Inspection) firewall. Make sure you have this feature enabled. Also, unless you or your business need to provide some kind of service for Internet users, such as web, ftp, or mail services, you should have port forwarding disabled as well as the DMZ option disabled. These options allow you to give access from the Internet to your computers on the private LAN side of the router. Giving access to your internal network and computers can expose you to all the dangers the Internet has to offer.

Next time I will discuss how you can provide services to Internet users on your home or office network securely.

Dave
Computer Repair and Network Security

Why Use a NAT Router?

Every computer connected to the Internet is exposed to dangers.   For myself and many others the benefits of using the Internet far exceed the possible dangers.  We can minimize the dangers if we follow some basic security principles both for our home and office computers.

Let’s start with how we connect to the Internet using a wired connection.  Many home users and small businesses connect to the Internet through a Cable/DSL modem.  This type of connection is an always on connection.  As long as our computers are powered on we are connected to the Internet and exposed to dangers.  We increase the danger if we connect our PC directly to the Cable/DSL modem.  Computers connected in this way will receive a DHCP public IP address from their Internet Service Provider.  What this means is that our PC is both visible and accessible directly from the Internet.  This exposes us to Internet scanning, worms, and hackers.  If we don’t have a software firewall installed then our PC can be easily compromised and our data stolen.

Even though a software firewall can lessen the dangers we are exposed to when we connect in this way, I don’t recommend this method.  A better solution would be to use a Cable/DSL NAT router.  The NAT router would connect directly to the Cable/DSL modem and then our computer or computers would connect to the NAT router.  Why is this safer?

One of the key benefits of NAT (Network Address Translation) routers is that the router hides the internal IP address of your computer or computers.  The Internet sees you as a single machine with a single IP address.  This effectively masks the fact that one or many computers on the LAN side of the router may be sharing that one IP address.  This not only provides security benefits but also financial ones.  NAT enables you to have more than one computer on your home or office network while you only have to pay for one public IP address from your ISP.

How does NAT work? When you turn on your computer you will receive an RFC1918 private IP address from your router. With most Cable/DSL routers this will usually be on a 192.168.x.x subnet. This internal private IP will have to be changed, or NATTED, to a public address in order for you to be able to access the Internet. Since all computers on the LAN side of the router will share the same single IP address, the router keeps track of these outbound connections through PAT (Port Address Translation). Here is what happens. When you make an outbound call to Google, the NAT router receives this request and changes your private IP (192.168.1.20 for example) to a public IP address, say 12.46.115.225, and a port number of 2500, making it 12.46.115.225:2500. A second computer on the same LAN with an IP of 192.168.1.21 also makes an outbound request at the same time. This computer will be assigned the same public IP but a different port number, say 2501, making it 12.46.115.225:2501. The NAT router keeps track of these connections in a table. It uses this table to match return connections to the correct computer on the private LAN side of the router.

This is the really good part and why the router provides added security.  All traffic arriving at the NAT router that does not exactly match the traffic in the router’s table is discarded as unwanted traffic.  This basically stops all unwanted inbound traffic originating from Internet scanning, worms, and hackers, protecting our computers on the private LAN side of the router from unwanted traffic from the Internet.  So if you don’t already have a NAT router why not get one.  The added security benefits are certainly worth the added expense.
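The table lookup described above can be sketched in a few lines. This is an added example, not part of the original article: it reuses the article's addresses (192.168.1.20, 192.168.1.21, 12.46.115.225, ports 2500 and 2501), while the class name, the remote addresses and the strict "sender must match" rule are assumptions; real routers differ in how strictly they match return traffic.

```python
class PatRouter:
    """Minimal PAT table: many private hosts share one public IP."""

    def __init__(self, public_ip, first_port=2500):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private_ip, private_port, remote) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port, remote)

    def outbound(self, private_ip, private_port, remote):
        """Translate an outgoing connection; reuse the mapping if one exists."""
        key = (private_ip, private_port, remote)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def inbound(self, source, public_port):
        """Return the private (ip, port) for a reply, or None to discard."""
        entry = self.back.get(public_port)
        if entry is None:
            return None              # no table entry: unsolicited traffic
        private_ip, private_port, remote = entry
        if source != remote:
            return None              # port is mapped, but not for this sender
        return (private_ip, private_port)


if __name__ == "__main__":
    # Constructed sample traffic; 203.0.113.10 stands in for the web server
    # and 198.51.100.7 for an Internet scanner (documentation address ranges).
    router = PatRouter("12.46.115.225")
    web = ("203.0.113.10", 443)
    print(router.outbound("192.168.1.20", 51000, web))    # first PC
    print(router.outbound("192.168.1.21", 51000, web))    # second PC
    print(router.inbound(web, 2500))                      # reply is delivered
    print(router.inbound(("198.51.100.7", 40000), 2500))  # scanner is dropped
    print(router.inbound(web, 2600))                      # unmapped port is dropped
```

Port forwarding and the DMZ option amount to permanent entries in this table, which is why they reopen the path that the lookup otherwise closes.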

Of course, for a NAT router to provide its full benefits it has to be configured correctly. I will discuss this as well as the following subjects in future articles: how to secure wireless networks, how to make a server available to Internet users through port forwarding safely, what is a DMZ and what are its benefits, and how can adding a second NAT router provide even greater security. Please feel free to contact me with any questions or comments.

Dave
Computer Repair and Network Security
