Tag: Internet security

Article

http://nakedsecurity.sophos.com/2011/11/10/fbis-operation-ghost-click-takes-out-operators-of-dnschanger-malware-network/

FBI guidance document on checking your computer’s DNS settings (PDF) – mainly applies to most regular-computer operating systems

My Comments and explanation

What are DNS servers?

The DNS is the Internet’s phone book

Domain Name Servers – the Internet’s phone book

The Domain Name Servers are effectively the Internet’s “telephone directories”. In this analogy, you may be thinking of calling a particular person or business in a particular area, but you don’t know their phone number. So you would have looked up the White Pages telephone book and searched this book by name and location till you found their number which you would dial to make that call. If you couldn’t find it in that directory, you would proceed to call a published “Directory Assistance” number like 411 in the USA, 192 in the UK or 1223 in Australia to ask for that number.

With the Internet, each computer is addressed by a particular IP address which effectively is the computer’s or network’s “phone number”. But it would be hard to remember these addresses for the Web sites we visit or the email servers we send the emails to. The Domain Name Servers take up the role of the telephone directories of the Internet by mapping the human-understandable Web addresses and domain names like homenetworking01.info to the IP addresses that are these sites and resources’ actual locations on the Internet.

How are these determined in your computer or network?

In most cases, the details about what DNS servers to use are passed on to your computer or other device through your home network by the router every time each piece of equipment on that network uses the DHCP protocol to get information from that device about where it stands in your network like its IP address. The router typically gets these details from your Internet provider’s servers every time it sets up the Internet connection with your Internet provider as part of asking the servers where it stands in the wider world of the Internet.

It is feasible to configure a DNS server list for a particular computer, device  or network using the operating system’s network-settings interface or the Web-based management interface in the case of your router. This is a practice that is commonly done by corporations with their private networks to create human-readable identities to particular servers or networks that host particular resources.

Why does the DNS appeal to computing’s “bad actors”?

The DNS appeals to computing’s “bad actors” because it allows one to redirect a particular domain name to a different IP address that what it is supposed to go to. This can be to a Web server that is loaded with malware, existing as one of many different traps for users to supply information that is confidential to them or their organisation; or to keep them away from sites that provide proper information like security updates for your computer in order to make it easier for the network to be used by the Internet’s “bad actors”.

For email, it can also be about creating “honeypot” addresses that take advantage of domain-name typos in order to catch confidential email that is mistakenly addressed.

It can also be used as part of a concerted attempt against Websites by setting up “click-fraud” or “malvertisement” activities against advertising networks or their stakeholders i.e. the advertisers and publishers by sending users to or through dodgy Websites instead of to the advertiser’s campaign landing page.

This modification can be caused by malware that modifies the computer’s DNS settings or gets at these settings on a home-network router that hasn’t been properly set up with a password to affect the settings that everyone on the network knows.

Keeping the DNS settings safe

DNS settings in Windows ipconfig / all screen

The first step is to know what the DNS settings are to be for your computer and network. Here, this should be found out from your Internet service provider or the IT support staff at your workplace.

Check the DNS settings on your equipment to make sure they reflect what these settings are meant to be. Most platforms will show these details in a “Network Connections” option like the “Control Panel – Network And Internet – Network And Sharing Center” in Windows 8 and 8.1, or “[Apple] – System Preferences – Networking” on the Macintosh OS X. Windows users can use the Command Prompt to obtain these details by typing “ipconfig /all” to obtain the full details about their network connection. Most other network-enabled devices like Smart TVs and network printers have these details as part of the “Network” or similar settings, typically as part of a “troubleshooting” or “settings” menu.

DNS settings on network setup screen on Brother network printer

Infact, if you suspect that malware has got at your computer because it appears to go to different Websites than what you asked for, make a “spot check” on your network’s DNS settings using your games console’s, smart TV’s or network printer’s user interface to see if your router has been “got at” by the malware.

As for your router, check the DNS settings in your WAN, Internet, Network or DHCP settings menu in its Web-based management page. The router’s management password should also be set to a password other than the default password so that any DNS-changing malware can’t change these settings for the home network and is something you need to do as part of commissioning a new router. Most of these routers also allow you to export the settiings to your computer’s secondary storage and import them back to the router. This is a practice that is worth doing once you have all the settings in place so that if you reset the router to “ground zero”, you can keep your configuration.

As well, practicing good computer housekeeping like “think before you click” on email and Website links and keeping your desktop security software and operating system up-to-date with the latest security patches is a prudent step towards keeping away from malware that can change your network’s DNS addresses. For mobile and other “platform” computing environments like iOS, Android or your smart-TV environment, researching on apps provided by that app store is also a prudent way to go about keeping the DNS information safe.

Netgear DG834G ADSL2 wireless router

So, you’re ready to set up that nice and convenient home wireless network.  You’ve got the router out of the box and you’re ready to plug everything in, but there’s just one problem.  You’re concerned, or maybe you’re even a little bit paranoid.  You’re wondering who out there might be able to pick up the signal.  Setting up a wireless network in your home can be very simple, but it can also pose a few risks if you get lazy or you’re using older wireless router technology.  Once you’ve set up the router, yes, other people with wireless devices may be able to detect the signal you’re broadcasting, but depending on the precautions you’ve taken, you can determine what happens when they see that signal.

 Whether you live in an apartment complex, a tightly-packed subdivision, or on some rural street, there will always be opportunity for someone to detect your wireless signal.  All they have to do is look for it.  Does it mean they’ll try to connect to it?  No.  There isn’t any reason to panic about who might be able to see it.  It doesn’t matter.  What matters are your security and the preventative measures you’ve put in place to block unwanted access when that stray individual does decide to try to connect to your network and attempts to access your internet or your computer.

 Securing your internet connection and your personal network is a relatively simple thing to do.  Many newer routers or modem/ router combos will take you through a setup wizard that should walk you through activating security protocols, such as WEP or WPA and changing the SSID (network name).  Setup wizards aren’t necessarily the best option when setting up your wireless network’s security, but if you don’t know what you’re doing, it can work.  Just remember to change the SSID and avoid using WEP security.

 Why?  Not changing you router’s default SSID can be a sign to outsiders that the user who set up the network has no idea what they’re doing.  It can make that wireless signal a potential target.  You can change it to whatever you want.  As for WEP, it’s useless and simple to break through.  A tech savvy 8-year-old could break through WEP security in minutes.  If you’re in the market for a wireless router (or already purchased one) and one of the device’s selling points is WEP security, stay far away.  Instead, look for devices offering WPA security, or better yet, WPA2 security.

Then set an encryption key password that isn’t your dog’s name, your street address, the town where you grew up, or something equally lame and easy to crack.  Make it tough.  Make it long.   Don’t make it what you think is tough, make it genuinely tough.  Try a password creation exercise.  Write out strings of numbers and letters or a piece of paper.  Or write out a series of words that have no apparent or logical connection to one another.  Or make up words that aren’t in any dictionary.  Be creative and don’t worry if you can’t remember it or not.

Since we’re talking about a home network, it isn’t a big deal if you write down your insane password and store it somewhere, preferably in a place you will remember.  That way, when you have additional devices you want to grant internet access to, whip it out, you’re ready to go, and no paranoia.

Editor’s note:

Most recently-issued ISP-supplied or retail wireless routers are implementing a “secure by default” strategy which makes the process of creating a secure wireless network simple for most of us.

This includes strategies like WPS easy-setup routines with a random passphrase, and an increasing number of routers provided by the ISPs or telcos as customer-premises equipment use SSIDs that typically have a service marketing name followed by three or four random digits such as “BIGPOND1223 or OPTUS4345. These strategies relate the experience of a secure home network to that of installing or using a typical door lock, something most of us identify with regularly.

Guest post by Jack Pike Television lover and guru of all things Cable, spends his time blogging with Time Warner Cable when not enjoying the tube.