Securing a router & wireless network is very important because if you don't, your neighbors can not only borrow your Internet connection, but also access your files and check up on what you're doing. Even worse, hackers can use your internet connection to upload illegal materials and steal your personal financial information. Unfortunately many consumer and small-business routers come with insecure default configurations, have undocumented backdoor accounts, expose legacy services and have firmware that is riddled with basic flaws. Below are some helpful tips that will make your home or business network much more secure. Avoid using routers supplied by ISPs. These routers are typically less secure than those sold by manufacturers to consumers. They often have hard-coded remote support credentials that users can't change and patches for their customized firmware versions lag behind patches for the same flaws released by router manufacturers.

Change the default admin password. Many routers come with default administrator passwords and attackers constantly try to break into devices using these publicly known credentials. After you connect to the router’s management interface for the first time through your browser — the address should be the router’s default IP address found on its bottom sticker or found in the set-up guide — make sure the first thing you do is change the password.

The router's web-based management interface should not be reachable from the internet. For most users, managing the router from outside the LAN (local area network) is not necessary. If remote management is needed, consider using a VPN (virtual private network) solution to establish a secure channel to the local network first and then access the router's interface.

Choose a complex Wi-Fi password and a strong security protocol. WPA2 (Wi-Fi Protected Access II) should be the option of choice, as the older WPA and WEP are susceptible to brute-force attacks. If the router offers the option, create a guest wireless network, also protected with WPA2 and a strong password. Let visitors or friends use this isolated guest network instead of your main one. They might not have malicious intentions, but their devices might be compromised or infected with malware.

Disable WPS (Wi-Fi Protected Setup). This is a rarely used feature designed to help users set up Wi-Fi networks easily by using a PIN printed on a sticker. However, a serious vulnerability was found in many vendor implementations of WPS a few years ago that allows hackers to break into networks. Because it's hard to determine which specific router models and firmware versions are vulnerable, it's best to simply turn off this feature on routers that allow it. Instead, you can connect to the router via a wired connection and access its web-based management interface and, for example, configure Wi-Fi with WPA2 and a custom password (no WPS needed).

Keep your router's firmware up to date. Some routers allow checking for firmware updates directly from the interface while others even have an automatic update feature. Sometimes these checks might be broken due to changes to the manufacturer's servers over the years. It's a good idea to regularly check the manufacturer's support website manually for firmware updates for your router model.

This week, Kaspersky Lab's identified DVRs and IP camera systems as the top source of Internet attacks. More than 63% of the attacks observed by Kaspersky came from DVR and IP camera systems, and nearly 20% came from routers and other networking devices. Essentially, hackers are taking over IP camera systems and using them to attack other systems. You might not care your system is being used to attack some business, but it also means the hackers could view, record and transmit your personal home/business audio & video streams. There's even a creepy website streaming from over 100,000 private security cameras! If you're able to check your cameras from outside your home or business, the system is vulnerable. It’s alarmingly easy for an IP camera to be hacked so make sure to take the below precautions as your Businesses' or family's privacy could be at risk.

Update your Camera's Firmware - Most modern IP security cameras feature user upgradeable firmware. If a security vulnerability is found, the IP security camera manufacturer will often fix the vulnerability by issuing a firmware update. Usually, you can update your camera's firmware from the admin console via a web browser. Be sure to frequently check for updates!

Password Protect Your Cameras - Most cameras offer some form of basic authentication. Protect your camera feeds with a username and a strong password and change it periodically.

Rename the Default Admin Account & Set a New Admin Password - Your camera's default admin name and password, set by the manufacturer, is usually available by visiting their website and going to the support section for your camera model. If you haven't changed the admin name and password then even the most novice hacker can quickly look up the default password and view your feeds and/or take control of your camera.

If Your Camera is Wireless, Turn on WPA2 Encryption - If your camera is wireless capable, you should only join it to a WPA2-encrypted wireless network so that wireless eavesdroppers can't connect to it and access your video feeds.

Avoid Port Forwarding to your IP Camera - The router you use comes with built in security that blocks certain applications from accessing your home network. Some people choose to set up port forwarding for devices such as an XBox which might be OK, but when it comes to IP cameras I don’t recommend you do this. If you’re not sure what I’m talking about you’re probably safe (you have to actively open port forwarding so you will know if you have done that).

Each month, Nebula Consulting posts vulnerability notes from CERT's vulnerability database. Check back often for updates! 02 May 2017 - VU#491375 - Intel Active Management Technology (AMT) does not properly enforce access control

Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system.

A remote, unauthenticated attacker may be able to gain access to the remote management features of the system. The execution occurs at a hardware system level regardless of operating system environment and configuration.

Solution: https://downloadcenter.intel.com/download/26754

04 May 2017 - VU#276408 - Intel Active Management Technology (AMT) does not properly enforce access control

Think Mutual Bank mobile banking app for iOS, version 3.1.5 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

An attacker on the same network as the iOS device may be able to view or modify network traffic that should have been protected by HTTPS, which may lead to the exposure of sensitive account information, including login credentials.

Solution: The vendor has released version 3.2.0 to address this issue. Users are encouraged to update to the latest release.

04 May 2017 - VU#556600 - Space Coast Credit Union SCCU Mobile for Android and iPhone fails to properly validate SSL certificates

Space Coast Credit Union SCCU Mobile for Android, version 2.1.0.1104 and earlier, and for iOS, version 2.2 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

An attacker on the same network as the Android or iOS device may be able to view or modify network traffic that should have been protected by HTTPS, which may lead to the exposure of sensitive account information, including login credentials.

Solution: NONE. The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workarounds.

Did you Nebula Consulting installs voice, data & video cabling systems? Over 50% of network issues are caused by cabling issues. New, structured cabling increases network speeds by up to 10x, supplies power to equipment, supports future upgrades & reduces install time. All our cabling is installed by a licensed electrician. By nature a structured cabling system is more neat and organized than the traditional point-to-point cabling systems. A structured cabling system does take planning, but after you have it set, you can rest easy. The advantages include –

• • Supports future upgrades – the modular design make moves, adds and changes a snap!

• • Reduces install time – by allowing for efficient changes and upgrades

• • Reduces cabling bulk and congestion – an organized and planned infrastructure allows for the use of smaller diameter trunk cabling and cleaner cable management

• • Improves airflow – reduced congestion decreases the chances for blocked airflow and crushed cables

• Reduces power and cooling usage and cost

If you’re selling products online – whether that’s on social media, through a marketplace or your own store – get to know the basic behaviors of eCommerce safety: monitoring, updating and revising. Here are some strategies to help you stay safe as a seller and protect your customers. Invest in a Secure Web Environment

The platform you use will have a big impact on your web security; make sure you go for a sophisticated one with a proven security track record. Once you decide on a solution, don’t just settle for its default security settings — customize it with plugins, packages and/or tools that enhance your security wherever possible.

Put up Firewalls and Security Layers

Short of buying more bandwidth, firewalls are your best bet when it comes to preventing denial of service or distributed denial of service attacks (DDoS: where hackers attempt to flood your system and crash your site). Penetration testing can help unearth any issues.

Update Frequently

Staying on top of web updates is key — they will keep your store safe and functioning correctly. Update your SSL certificates — they expire and need regular updating.

Get Clued up on Payment Security

Storing people’s credit card and payment details is one of your most important jobs as an online merchant. Use adequate encryption and SSL certificates. Always verify card and address details to reduce the risk of fraudulent transactions. Geo-targeting can also help eliminate these transactions.

Manage your data safely

Storing customer data is a big responsibility — don’t take it lightly and don’t mess with the trust they have placed in you. Purge customer data frequently and don’t store any more data than you have to. Consider integrating with mobile payments for customer convenience and improved security.

Backups, Backups, Backups!

Backups will save your life if something goes wrong — so make sure that you test them regularly (and that they actually work). You need to test your backup system and ensure that you can actually restore your site and data from it.

Source: Patrick Foster