Thursday, February 28, 2008

Biometric authentication for VPN clients

Found some interesting software and curious how well it works and how secure it actually is.

This software company makes biometric authentication software which can integrate with Checkpoint VPN-1 server and Active Directory. The concept is that a user logs into his/her desktop/laptop with a username, password and biometric fingerprint, and gets authenticated to VPN-1 and Active Directory allowing secure access to network resources and applications. Pretty cool, if it works well.

Friday, February 22, 2008

Secure your Wireless Network

Most wireless routers, such as a Linksys WRT54G, come with a default unsecured wireless network enabled. There are a few steps you should, nay MUST, take when setting it up for the first time.

1. Change the default Admin password.

2. Change the default name of your wireless network (also called the SSID) and don't broadcast it.

3. Enable MAC filtering to only allow your trusted computers to access the wireless network.

4. The most IMPORTANT item is to enable WPA-PSK/WPA2-PSK encryption. WPA-PSK is strong, but WPA2-PSK is better. However some older computers do not support WPA2-PSK.

Note that many wireless routers may try to enable WEP encryption. DO NOT use this if you have the option of using WPA-PSK or WPA2-PSK as it is FAR less secure. A capable and motivated attacker (even the kid across the street who 'knows computers') can break into a WEP enabled wireless network in about 10 minutes. If you cannot use WPA-PSK or WPA2-PSK then WEP is better then nothing at all.

Wednesday, February 20, 2008

Open source disk encryption for Windows

TrueCrypt version 5 has been released. I'll be testing soon and hope to have a good spiel on how it works in the near future.

Wednesday, December 19, 2007

And we thought the Guinness Brewery breach was bad...

CSO Online posted its top 10 security breaches of 2007. Not surprisingly at #1 was the "but isn't WEP secure?" incident at a major retailer...

WEP has been proven to be so insecure that any business who even thinks about using it should seriously question their security standards. With the advent of tools such as aircrack-ptw, it is now faster then ever to gain the encryption key from a packet capture.

How fun this might be!

Posted to Slashdot yesterday...Christmas day the Pen Testers cometh!

Saturday, December 1, 2007

Quick restaurant plug

Anyone in the Park Slope neighborhood of Brooklyn should check out a great restaurant called Applewood. They have a great menu and the food is outstanding. Go, now!

Friday, November 30, 2007

NOOOO!!!!

Found this article today on Bruce Schneier's blog and wanted to share it:
-----------------------------------------------------------------------------
ireland.com - Breaking News - My goodness, thief drives off with 450 kegs
-----------------------------------------------------------------------------
Sounds easy doesn't it? I wonder how many other breweries have such lax security standards...