On 06/21/02 15:10.27, brooksinc said...
"point being just because the little radio in your 802.11b pccard or cfcard can't pick up your signal, doesn't mean you are safe."
On 05/09/02 04:12.28, I said...
"your customer's system SHOULD be fairly free from intervention by interfering signals. (And wireless network hackers ?? YIKES !!)"
By using upper case characters emphasis was clearly placed on the key word "SHOULD", and the caveat "fairly" preceded the word "free". We have to assume that no one is publicly aware of this A/V network, and thus no one is likely to be actively attempting to crack it.
When evaluating a security measure you need to first evaluate the threat potential. If you install a dedicated computer to support your A/V network, and isolate your PERSONAL computer from that network, you should be "fairly free from intervention". The chances that the data in question is valuable enough to waste time hacking is negligible. What level of bragging rights and "hacker cachet" can be associated with "I brought down John Doe's A/V network" ??
However, the chance that some renegade A/V "hacker cell" is parked down the block operating out of a Cold War surplus Pinzgauer equipped with former Soviet Bloc intrusion/detection equipment still looms large. If you see multiple rotating halo antennae, use your 802.11b A/V network to contact the Black Helicopters. (Of course the "Reds" are always listening and they'll be tipped off.)
On 06/21/02 15:10.27, brooksinc said...
"Then from three miles away I can play tricks with your network that would make your head spin!"
There is always someone with the inclination to "play tricks", "from three miles away" with a network. Whether they just nibble away aimlessly until they "pick a winner" or use a program to capture your password from SMB's and then "run the missile codes" to parse the hash.
There will always be a way to get in. Each time you adopt a new technology or implement an additional layer of security, the rats will be at the door, trying to gnaw a hole through it.
I like to compare those "rats" to the vandal who breaks off the antenna on your car, and then scratches your paint with the jagged mast. Yes, it does take more brains and determination to hack a network (Can you say "premeditation"? - Mr. Rogers), but the intent is curiously similar. Each villain wants to cause you grief and each derives some kind of devilish satisfaction knowing that they were able to commit an act behind your back. If you ARE NOT aware that they've been there, there's no fun for them.
They either get smart, or get caught; Mudge vs. Mitnick. Mudge realized he could still show people how smart he was while collecting BIG revenue doing so. Mitnick could not let go of the "glee factor" and continued to bedevil his pursuers until he got jail time. Now he gets a few peanuts thrown at him for some TV appearances. "FREE KEVIN" (???) Yeah right! He got what he deserved.
On 06/21/02 15:10.27, brooksinc said...
"With a good yagi antenna I can grab your 802.11b signal from 3 miles away, with NetStumbler I can grab your SSID and with my handy-dandy WEP decrypter I can have your 128-bit WEP key in as little as 2 hours."
A harbinger of doom; note the repetitious phrase of choice was "I can", NOT "a hacker could". This just shows to go ya' that one-upmanship is in the blood.
I hope all this tech banter will serve as a warning that if you venture into the great unknown with this "Wi-Fi" network you should make absolutely certain your customer's valuable data is protected.
And what about DR? (Disaster Recovery) What's your contingency plan? Where is your customer going to get all those CCFs and IR codes should a hacker break in, steal them, and then maliciously "wipe out" the originals?
Oh! Wait! I guess he'd get them RIGHT HERE in the public domain, where he got them originally.
(No! The A/V hackers have sacked Remote Central's DB!) That's it; you need a nightly backup. Keep a primary copy onsite and send a "clone" to Iron Mountain Storage.
OK, here's what you need to sell the customer on:
* Biometric logon with passwords that change dynamically every thirty seconds; you should be able to get a fingerprint scanner for the PDAs. In anticipation of a catastrophic PDA failure (I fur-got to charge my batt-ry) you could install a few hardwired biometric access points at strategic locations throughout the system. With "an 18,000 sq. ft home that sits on 52 acres" you'll need some saturation. I recommend 2 in the command center (for redundancy), 1 in the central A/V room, 1 in the bedroom, and at least two out on the walking path. (Measure the total length of the path and split it into thirds to provide equidistant proximity between redundant outdoor control points and the one in the main dwelling.)
* Install an RSA ACE/Server and issue each member of the family a SecurID token (get a $75.00 deposit on each token) and have them create a PIN. (Loss of token results in loss of privileges until a new deposit is paid/token issued.)
* Install a RADIUS server.
* Use the latest iteration of L0phtcrack (LC4) to periodically evaluate the quality of passwords created by the customer, his spouse, and his children. Eight characters MINIMUM, upper AND lower case, in alphanumeric combination is the new de facto recommendation for STATIC passwords. Heck with it: Initiate a max characters rule so you can charge for Help Desk support when they forget their passwords. (You can only harvest this revenue if you leave them in an "unsafe" static password environment; you might want to weigh that against the profits associated with biometrics and RSA.)
* Have a quarterly Cisco onsite security audit.
* Have redundant overlapping audits from @stake.
* Use pervasive detection software to see if the customer, his wife, OR kids are storing static passwords in online documentation.
* Automated backups with fee-based offsite archiving service.
When your customer hears about the level of security you've brought to the table he'll be oblivious to the fact that it costs more than the sum total of the hardware and installation costs of the A/V system itself. If you find a customer who's willing (paranoid enough) to implement this level of security, you'll DEFINITELY get repeat business from him/her.
On 06/21/02 15:10.27, brooksinc said...
"If you are interested in any of these things respond and I will answer your questions."
This message was edited by Sheik_Yerbouhti on 06/24/02 01:14.11.
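The static-password rule the post lists (eight characters minimum, upper AND lower case, alphanumeric combination) is easy to state and easy to get wrong in practice, so here is an added example, not code from the original post or from any tool it names, of a small policy checker that a reseller could run over candidate passwords before handing a system to a customer. The sample passwords are constructed for this example; the rule set matches the post, with the minimum length kept in one constant so it can be adjusted.

```python
import re

# Policy from the post: 8 chars MINIMUM, upper AND lower case, alphanumeric combination.
MIN_LENGTH = 8

# Each check is (human-readable reason, predicate over the password).
_CHECKS = [
    ("shorter than %d characters" % MIN_LENGTH, lambda pw: len(pw) >= MIN_LENGTH),
    ("no upper-case letter", lambda pw: re.search(r"[A-Z]", pw) is not None),
    ("no lower-case letter", lambda pw: re.search(r"[a-z]", pw) is not None),
    ("no digit", lambda pw: re.search(r"[0-9]", pw) is not None),
]


def check_password(pw: str) -> list:
    """Return the list of policy violations for pw (empty list means it passes)."""
    return [reason for reason, ok in _CHECKS if not ok(pw)]


def audit(passwords: list) -> dict:
    """Map each candidate password to its violations, so an auditor can report
    which household accounts still need a reset."""
    return {pw: check_password(pw) for pw in passwords}


# Constructed sample candidates (not real credentials).
SAMPLE = ["pronto", "Remote2002", "remotecentral", "REMOTE2002", "Av1", "Pr0ntoNeo"]

if __name__ == "__main__":
    for pw, problems in audit(SAMPLE).items():
        status = "OK" if not problems else "FAIL: " + ", ".join(problems)
        print("%-15s %s" % (pw, status))
```

Only "Remote2002" and "Pr0ntoNeo" satisfy all four rules in the sample; the others fail on length, case or the missing digit, and the reason list tells the auditor which rule to explain to the family member who chose it.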