10. Rattle your router
Posted on 12 May 2008 at 15:08
If you want to know why it's vital to change the default admin usernames and passwords that come with your router then do nothing more than point your web browser at www.phenoelit-us.org/dpl/dpl.html and recoil in horror at the user/pass list there. If you don't, you risk falling prey to DNS resolution manipulators, sending you to one website when you think you're visiting another. The identity theft implications are huge.
You should also change the default wireless security options - assuming any are being used at all - and make sure it still isn't running WEP.
"WEP is well and truly cracked," says Fogerty. "It's cracked within one or two minutes. Most routers now support WPA/WPA2 - ditch WEP and just use WPA."
And finally, pop over to your router manufacturer's website and check you have the latest firmware installed: this will take only a few minutes and could make the difference between a rock-steady router and a vulnerable rattler in security terms.
Knowledge is power
As with all things to do with IT security, and especially when it comes to the dark side of the fence and your data, it's important to keep things in perspective. This is something Tim Orchard, principal consultant at vulnerability testing security consultancy Activity, reminds us only too forcefully by bringing up the Computer Misuse Act 1990 and Criminal Justice Act 2006. Both provide legislation for the prosecution of individuals who are found to be hacking systems and networks. "To avoid falling foul of these laws, it's important to ensure you only test computers that are completely owned and controlled by you," Orchard warns. "Testing your website, which is hosted by an ISP or your BT Home Hub, for example, which is rented rather than owned by you, will not go down well with their owners and could land you with a serious fine or even a jail sentence."
Not that DIY penetration testing and a home-based hacking mentality is wrong, of course, but the above shows that you need to be aware not only of its power, but of its limitations, too.
As David Porter, head of security at business and technology consultants Detica, cautions: "A perspective needs to be maintained. All too often people fixate on the latest security breach and let that dictate the way they'll respond to the next one. The whole thing quickly descends into a 'fool me once, shame on you, fool me twice, shame on me' situation. With perspective narrowing, people become more interested in prevailing against a specific kind of previous attack than predicting and preventing the next occurrence. We call this the target-hardening trap."
As long as you don't get stuck in a penetrate-and-patch cycle, there's no reason why you shouldn't gain the benefits of hacking yourself and end up with a more secure system than you started with.
Author: Davey Winder
From around the web
For more details about purchasing this feature and/or images for editorial usage, please contact Jasmine Samra on pictures@dennis.co.uk
advertisement
- Mozilla: everyone should learn a little bit of code
- Google mines social network data for semantic search
- Microsoft tweaks multi-monitor support in Windows 8
- Phone sales shrink as consumers await fresh handsets
- Nvidia warns 28nm supply problems continue
- File-fixing tools to improve uptime in Windows 8
- Mozilla: Microsoft blocking rival browsers in Windows RT
- Microsoft developing sound-based gesture control
- Dell working on Ubuntu Ultrabook for developers
- Media Center to be paid-for add-on in Windows 8
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Samsung Galaxy S III review: first look
advertisement
