
November 15, 2007

TechEd 2007 - Day 4

21:00 It's Thursday night, and it's the last day of TechEd tomorrow - and we've covered a mass of subjects and overviews, which has made the whole event just fly by.  Today I've been following some of the security tracks, and got some useful insight - as well as attending the best-named sessions so far.

The first session looked at wireless networking security - "The Black Arts of Wireless Security and White-Magic Countermeasures".  The presenter, from Microsoft, went through a number of the methodologies that hackers use for getting into - and then disrupting - wireless networks.  We started off talking about a site called www.wigle.net, a growing database (13 million and counting) of available wireless networks: whether they are open/free, what their SSIDs are, their MAC addresses, channels etc.  While this is a mostly US-based utility, the world maps are worth a look if nothing else.  Looking at the results of some searches, most users are still using the default settings for their devices - something like an SSID of "Linksys".  This gives a hacker a great start - if the SSID hasn't changed, I would doubt the default password has either...  This was proven in a great example from the lecturer - he was working in a hotel, and the wireless was a bit slow.  So he connected to the router, used the default settings (widely available on manufacturer websites), logged in and increased the broadcast power.  If you haven't already, log in and get them changed.

The second session covered some Windows OS security - "How the Evolution of Military Strategy can be applied to Information Security Strategies in the Enterprise".  For this session I was perhaps expecting Sun Tzu's Art of War, and while the grand title didn't deliver this, it had some great advice for actively protecting your OS.  One point that stuck was that many viruses/trojans - for example Blaster and Sasser - use the cmd.exe file to deliver their service and infect a computer.  This was demonstrated by gaining access to a remote machine through a hacking utility (an RPC exploit) which presented a cmd shell with system privileges.  Next, on the targeted machine, we changed the file security to Interactive access only (file can only be executed locally) and ran the same hack.  And it didn't work.  So this would have been protection against these viruses, and potentially many others too.  Simple when you know.
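
To compare a machine against the "Interactive access only" state described above, the following read-only PowerShell check lists every principal whose ACE includes execute rights on cmd.exe. It is an added example, not code from the session or the original post; the function name `Get-ExecuteAce` and the default path are assumptions.

```powershell
# Added example (read-only): list ACEs that include execute rights on a file.
function Get-ExecuteAce {
    param(
        # Assumption: cmd.exe is in its default location
        [string]$Path = (Join-Path $env:SystemRoot 'System32\cmd.exe')
    )
    $interactiveSid = 'S-1-5-4'      # well-known SID of NT AUTHORITY\INTERACTIVE
    # ExecuteFile (0x20) plus the raw GENERIC_EXECUTE / GENERIC_ALL bits,
    # which Get-Acl can report unmapped on some ACEs
    $executeMask = [int][System.Security.AccessControl.FileSystemRights]::ExecuteFile -bor 0x30000000

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Skip ACEs that carry no execute bit at all
        if (([int]$ace.FileSystemRights -band $executeMask) -eq 0) { continue }

        # Resolve the account to a SID so the comparison is locale-independent
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable: keep as shown
        }

        [pscustomobject]@{
            Principal   = $ace.IdentityReference.Value
            Sid         = $sid
            Type        = $ace.AccessControlType   # Allow or Deny
            Inherited   = $ace.IsInherited
            Interactive = ($sid -eq $interactiveSid)
        }
    }
}

# Allow ACEs that grant execute to anything other than INTERACTIVE
$extra = Get-ExecuteAce | Where-Object { $_.Type -eq 'Allow' -and -not $_.Interactive }
if ($extra) {
    $extra | Format-Table Principal, Sid, Inherited -AutoSize
} else {
    'Only INTERACTIVE holds an Allow ACE with execute rights.'
}
```

Services and scheduled tasks that run without a logged-on user do not carry the INTERACTIVE SID, so anything they launch through cmd.exe would stop working under that restriction.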
