
The Basics Of Wireless Security

When browsing the web you are exposed to many vulnerabilities. The operating system you use is, by itself, enough to expose personal information to any reasonably technical individual. Whether you are at your desk or in the comfort of your home, the information you transmit to and from the Internet is, by default, not secure. Out of the box, the wireless router you install at home in minutes does not have security enabled. Manufacturers feel that enabling security by default creates a level of complexity that the average user doesn’t want to be bothered with. Many individuals feel that they don’t care who’s watching until they make that first credit card purchase.

Many open source applications such as Wireshark were designed as network tools but can do much more. A graphical interface with sorting and filtering options allows packets to be captured on wired or wireless networks, making the information you transmit and receive available for others to view.

WiFi can be transmitted and/or received by so many different devices that the amount and type of data passing by us is remarkable.  From cell phones and gaming systems to desktop and laptop computers, packets of data are passing through the air at unimaginable rates.

When you go to the local computer superstore and purchase an access point or wireless router, you’re often given misleading advice that gives you a false sense of security. Many of the commonly recommended wireless security tips aren’t actually very useful and may even do more harm than good by creating that false sense of security.

Too often we hear a story about an individual accused of possessing or downloading illegal material. By leaving a wireless network unsecured or improperly secured, you become an open portal for the transmission of such material. On top of that, your network leaves a trail that leads the authorities directly to you!

Why? How?

Your Internet Service Provider (ISP) assigns an IP address to you via the router they provided. The destination or source IP address for the illegal material is simply captured as part of the packets being transmitted. The authorities trace the IP address to the ISP, who then traces it to the address assigned to you. By not securing your network, you hold a level of responsibility for the type of data transmitted to and from your router, whether you know about it or not. Hypothetically, someone can connect to your network without your knowledge and download or transmit illegal material. You’re thinking: the police will just see that I didn’t do it. Very true, but only after your neighbors saw the police at your home or office seizing your PC and your name was published in the newspaper. Did I mention a costly defense?

What can I do to secure my wireless network?

Don’t broadcast your SSID

The SSID (Service Set Identifier) is an identifier broadcast by a wireless router. Basically, it’s the router saying “I’m out here, this is my name, connect to me.” Telling a router not to broadcast its SSID may prevent basic wireless client software from displaying the network as a connection option, but it does nothing to actually secure the network. Any time a client connects to the router, the SSID is sent in plaintext in the packets exchanged, regardless of whether encryption is enabled. The SSID can also be picked up by anyone listening to the network in passive mode.

Disable DHCP

DHCP (Dynamic Host Configuration Protocol) automatically assigns an IP address to your device. Static IP addressing is when you manually assign an IP address to your device, which also lets you choose the subnet. Switching DHCP off and using static IP addressing is no defense against a potential hacker: anyone sniffing the network can usually work out the IP scheme and subnet range that has been used to assign addresses.

Filter MAC addresses

Each network interface card (NIC) has a unique MAC address. In theory this sounds great, as wireless access points can be configured to accept or block specified MAC addresses. The problem with filtering by MAC address is that these addresses are easily seen by anyone using appropriate monitoring software like Wireshark.

Of these three tips, filtering MAC addresses is the only one with even a minimal level of value. MAC address filtering can keep a beginner hacker or a neighbor from easily connecting to your wireless network, but it won’t do much else. To keep more sophisticated intruders off your network, you’ll have to use encryption in addition to MAC address filtering.
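The two points above (the SSID and the MAC addresses travel in the clear) can be seen by parsing management frames the way a passive monitor such as Wireshark does. This is an added example, not code from the original post: the three frames are constructed in memory with locally administered sample MACs, nothing is captured or transmitted, and the frame layout follows the standard 802.11 management header.

```python
# Constructed 802.11 management frames parsed as a passive monitor sees them:
# the three header MACs and the SSID element are readable whether or not the
# network's data frames are encrypted.
FIXED_LEN = {0: 4, 4: 0, 8: 12}  # bytes before the tags: assoc-req, probe-req, beacon
SUBTYPE_NAME = {0: "assoc-req", 4: "probe-req", 8: "beacon"}
AP = bytes.fromhex("02aabbccddee")        # constructed, locally administered MACs
CLIENT = bytes.fromhex("021122334455")
BROADCAST = b"\xff" * 6

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt_frame(frame):
    """Return subtype, the three header MACs and the SSID element
    (None if absent, '' when the AP sends a zero-length 'hidden' SSID)."""
    fc = frame[0]
    if fc & 0x0C != 0:                        # type bits 2-3: 0 = management
        raise ValueError("not a management frame")
    subtype = fc >> 4
    if subtype not in FIXED_LEN:
        raise ValueError(f"unsupported management subtype {subtype}")
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    pos, ssid = 24 + FIXED_LEN[subtype], None
    while pos + 2 <= len(frame):              # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        if tag == 0:                          # element ID 0 = SSID
            ssid = frame[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            break
        pos += 2 + length
    return {"type": SUBTYPE_NAME[subtype], "da": mac(addr1),
            "sa": mac(addr2), "bssid": mac(addr3), "ssid": ssid}

def build_mgmt_frame(subtype, da, sa, bssid, ssid):
    """Minimal constructed frame: frame control, duration, three addresses,
    sequence control, zeroed fixed fields, then the SSID tag."""
    header = bytes([subtype << 4, 0, 0, 0]) + da + sa + bssid + b"\x00\x00"
    ssid_b = ssid.encode("utf-8")
    return header + b"\x00" * FIXED_LEN[subtype] + bytes([0, len(ssid_b)]) + ssid_b

def demo():
    """Three frames from one network whose AP suppresses its SSID in beacons."""
    frames = [
        build_mgmt_frame(8, BROADCAST, AP, AP, ""),                    # beacon: SSID empty
        build_mgmt_frame(4, BROADCAST, CLIENT, BROADCAST, "HomeNet"),  # client probes by name
        build_mgmt_frame(0, AP, CLIENT, AP, "HomeNet"),                # association repeats it
    ]
    return [parse_mgmt_frame(f) for f in frames]
```

The "hidden" network's name still appears in the client's own probe and association frames, alongside the client and AP MAC addresses a filter would rely on.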

Use Encryption

Even the routers you can purchase locally are capable of using encryption. Whatever encryption you use, your key phrase should consist of as many characters, symbols, and numbers as possible. In order of strength, WPA2 is the best choice, followed by WPA and then WEP. Generally, any router that supports WPA is good in terms of its overall security. WEP is an “only if you must” protocol, but it’s still a better option than transmitting without encryption.
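Why the key phrase matters can be shown with the derivation WPA and WPA2-Personal actually use: the 256-bit pre-shared key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, so the passphrase is the only secret input. This is an added example, not code from the original post; the entropy estimate and the passphrase generator are simple helpers written for it, and the test vector ("password"/"IEEE") is the one published with the 802.11i specification.

```python
import hashlib
import math
import secrets
import string

def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32 bytes).
    The router and every client compute this same value from the passphrase."""
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("WPA passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def passphrase_bits(passphrase: str) -> float:
    """Rough upper bound on passphrase entropy: length * log2(alphabet size), where
    the alphabet is the union of character classes actually present. A dictionary
    word is far weaker than this bound suggests; the number only shows how length
    and mixed classes grow the search space an attacker would have to cover."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    alphabet = sum(size for chars, size in classes if any(c in chars for c in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0

def generate_passphrase(length: int = 20) -> str:
    """Random passphrase from letters, digits and symbols using the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

Because the SSID is part of the derivation, the same passphrase yields a different key on a network with a different name, which is one more reason to change the factory SSID along with the passphrase.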

What does this have to do with computer forensics?

New Jersey Legal possesses the expertise to evaluate your network, whether wired or wireless, and to work with you to firmly secure it. Oftentimes a company advertises itself as having forensic experts on staff. Without extensive networking knowledge, a forensic expert will overlook data that may be vital to your case. Don’t allow the smoking gun to be left undiscovered!


Computer Forensics vs. eDiscovery: What Does Your Case Need?

At a recent legal technology trade show I was overwhelmed at how many computer forensics and electronic discovery (aka eDiscovery or E-Discovery) companies are out there peddling services. I say peddling because many of them are brokers of the services and have never actually performed the service. Many of these brokers have mastered the basic lingo, so it is hard to tell they are not genuine providers. Upon asking the brokers I met — “what’s the difference between electronic discovery and computer forensics?” — I often drew blank stares, with several of them giving answers containing verbiage well outside their comfort zones. After being in this industry for over 18 years, and having spent 14 of those years at New Jersey Legal, the firm I founded, I feel the need to communicate some of the basic principles of forensics and electronic discovery with our clients. New Jersey Legal services over 500 law firms across the state annually, so I hope this reaches and helps some of you. I have diligently kept up with both computer forensics and electronic discovery by consulting with clients, attending classes, and sitting through countless “webinars” and seminars. From this variety of education, New Jersey Legal has developed educational manuals and offers courses on these services. My goal is to help you understand more about computer forensics and electronic discovery by presenting concepts as simply as possible. In subsequent blog posts I will gradually advance the concepts and the technical issues giving everyone a more advanced feel for both computer forensics and electronic discovery.

What are the general differences between computer forensics and electronic discovery services?

COMPUTER FORENSICS:

Computer forensics (technical definition) is a branch of forensic science pertaining to legal evidence found in computers and digital storage media. Computer forensics is also known as digital forensics.

Not long ago, discovery consisted mainly of gathering paper documents, but today, it means not only collecting paper, but also collecting any related electronic data. If you think of the lifecycle of a legal case in 2009, most of the cases have to start with a forensically sound “Data Collection.” For this blog post we are going to keep it simple and limit the electronic data in this scenario to three main categories.

  1. Loose electronic files (word docs, spreadsheets, PowerPoint files, etc… for example, what you might find in your “My Documents” folder)
  2. Image files (Tiffs, jpegs, PDFs, etc… for example, photos or scanned documents you may have saved on your computer or attached to an email)
  3. Email files (Mainly PSTs – these are electronic container files that may include emails, attachments, contacts, calendar items, etc… )

Performing a forensically sound and court-defensible data collection requires a Certified Computer Examiner (CCE). CCEs use computer forensics software and hardware to gather electronic data (from computers, hard drives, disks, etc.). CCEs testify in court as to the collection methods used, verify that everything was collected, and explain any issues or anomalies in the data, if there were any. The process of identifying, gathering, and, in theory, cloning the data is called “forensic imaging”. When a CCE forensically images a data storage device, they are basically taking a snapshot of the data in its entirety and in its current configuration. Part of this snapshot includes the unused space on your computer. This unused space may appear to be of no importance, but after analysis a CCE may show that it holds deleted files that were never overwritten. In the normal course of computer use you never see any of this, but using computer forensic and restoration tools a CCE may reveal electronic files thought deleted and gone forever.
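The two ideas in that paragraph, hashing the whole image and recovering a deleted file from unused space that was never overwritten, can be demonstrated on a toy image. This is an added example, not the post's or any forensic product's code: the four-sector "disk" and its one-line directory format are constructed for the example, and recovery is done by signature carving for JPEG start and end markers rather than by parsing a real file system.

```python
import hashlib

SECTOR = 512
JPEG_SOI, JPEG_EOI = b"\xff\xd8\xff", b"\xff\xd9"   # JPEG start/end-of-image markers

def make_sample_image():
    """Constructed 4-sector 'disk image' (not a real capture). Sector 0 is a toy
    directory of name@sector entries and names only report.txt. A JPEG that was
    'deleted' is still intact in sectors 2-3 because nothing has overwritten it."""
    directory = b"report.txt@1".ljust(SECTOR, b"\x00")
    report = b"Quarterly report: all figures final.".ljust(SECTOR, b"\x00")
    photo = JPEG_SOI + b"\xe0" + b"JFIF toy payload " * 20 + JPEG_EOI
    return directory + report + photo.ljust(2 * SECTOR, b"\x00")

def allocated_sectors(image):
    """Sectors the directory still references, plus the directory sector itself."""
    used = {0}
    for entry in image[:SECTOR].rstrip(b"\x00").split(b";"):
        _name, sector = entry.split(b"@")
        used.add(int(sector))
    return used

def carve_jpegs(image):
    """Signature carving over unallocated space: a JPEG is assumed to start on a
    sector boundary with the SOI marker and to run to the next EOI marker.
    Returns (offset, data, sha256 hex) for each recovered file."""
    used = allocated_sectors(image)
    found = []
    for sector in range(len(image) // SECTOR):
        if sector in used:
            continue
        start = sector * SECTOR
        if image[start:start + 3] == JPEG_SOI:
            end = image.find(JPEG_EOI, start)
            if end != -1:
                data = image[start:end + 2]
                found.append((start, data, hashlib.sha256(data).hexdigest()))
    return found

def image_hash(image):
    """Hash of the whole image, recorded at acquisition so the working copy can
    later be shown identical to what was collected."""
    return hashlib.sha256(image).hexdigest()
```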

ELECTRONIC DISCOVERY:

Electronic Discovery, eDiscovery or E-Discovery is the discovery process as it applies to electronic records. These electronic records are referred to as ESI (Electronically Stored Information). Electronic Discovery is complex, but for simplicity, in this first post, we will define it as “the actual processing of electronic data (ESI)”. For this E-Discovery example, let’s say our ESI (electronic data) was first collected or “imaged” by our CCE. Now we have to process the data in our eDiscovery platform. In this simplified example, the process will include the following:

  1. Extracting all the text to allow key word searching.
  2. Extracting all of the metadata (metadata is “data about the data”). The metadata fields most commonly used for loose files are the MAC times: modified, accessed, created. The fields most commonly used for emails are sent by, sent to, cc, bcc, dates, subject, etc.
  3. Identifying any files where text extraction was not possible. Further processing will be needed for these files, and that processing will be explained in a future blog post.
  4. Cull down the data set by keyword, date range, and custodian searches.
  5. At client’s request, export out all the relevant data and load files for Concordance, Summation, etc., or host the data on our web based platform, ImageDepot.
  6. Once reviewed for privilege, we export just the responsive data. This data is exported along with a specified “load file” that allows the receiving party to load all the records, with the associated metadata for each record, into their system.
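Steps 2 through 6 above, as an added worked example that is not part of the original post and not any vendor's platform: a handful of constructed ESI records (loose files with MAC times, emails with header fields, one image with no extractable text) are culled by keyword, date range and custodian, and the result is written to a plain tab-delimited load file that stands in for a product-specific format.

```python
from datetime import datetime

# Constructed ESI records standing in for files after steps 1 and 2 (text and
# metadata extraction). Loose files carry MAC times; emails carry header fields.
RECORDS = [
    {"id": "DOC0001", "custodian": "jsmith", "type": "loose", "text": "Q3 forecast and budget memo",
     "modified": "2009-03-02T14:05:00Z", "accessed": "2009-03-05T09:00:00Z", "created": "2009-02-28T11:30:00Z"},
    {"id": "DOC0002", "custodian": "jsmith", "type": "email", "text": "Re: budget approval",
     "from": "jsmith@example.com", "to": "cfo@example.com", "sent": "2009-04-10T16:45:00Z"},
    {"id": "DOC0003", "custodian": "mlee", "type": "email", "text": "Lunch on Friday?",
     "from": "mlee@example.com", "to": "jsmith@example.com", "sent": "2009-04-11T08:00:00Z"},
    {"id": "DOC0004", "custodian": "mlee", "type": "image", "text": None,   # step 3: no text extracted
     "modified": "2009-03-15T10:00:00Z", "accessed": "2009-03-15T10:00:00Z", "created": "2009-03-15T10:00:00Z"},
]

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def record_date(record):
    """Email: sent date. Loose file: the modified time from its MAC times."""
    return parse_ts(record.get("sent") or record["modified"])

def cull(records, keywords, start, end, custodians):
    """Step 4: keep records matching any keyword (case-insensitive), dated within
    [start, end] (ISO strings) and belonging to a listed custodian. Records with
    no extractable text are reported separately instead of being silently dropped."""
    lo, hi = parse_ts(start), parse_ts(end)
    hits, pending = [], []
    for r in records:
        if r["text"] is None:
            pending.append(r["id"])
            continue
        if (r["custodian"] in custodians and lo <= record_date(r) <= hi
                and any(k.lower() in r["text"].lower() for k in keywords)):
            hits.append(r)
    return hits, pending

def export_load_file(records):
    """Steps 5-6: tab-delimited load file carrying each record's metadata
    (a generic stand-in; Concordance and Summation use their own formats)."""
    fields = ["id", "custodian", "type", "from", "to", "sent", "modified", "accessed", "created"]
    rows = ["\t".join(fields)] + ["\t".join(r.get(f, "") for f in fields) for r in records]
    return "\n".join(rows) + "\n"
```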

Again, keeping it simple…

In short, computer forensic services are for collecting data, preserving data, and finding and restoring deleted data. E-Discovery services are for processing, culling, and delivering data. These simplified concepts should help get you started and serve as a guide when strategizing as your case begins.

Gary Overman
President
New Jersey Legal
