It would appear that more and more companies and home users are falling victim to bad actors intruding on their network. Whether it be a targeted attack or drive-by malware, network security is a hot topic in today’s IT landscape. In this article I will describe how you can build a low-cost Honey Pot that can help alert you to an intrusion before it’s too late.
What is a Honey Pot?
In simple terms, a Honey Pot is a device on your network that looks appetizing to a hacker, like drawing a bear to a pot of honey. This device will advertise services that appear vulnerable and may draw an attacker in for further investigation. At a minimum it can simply be used as an internal “trip wire” to alert you to someone poking around.
Why does a honey pot work?
I’m Joe hacker and I have just installed malware on one of your employees’ workstations. I have quickly gained access and I am now able to execute code and commands. What is the first thing I’m going to do? If you said start poking around, you would be correct. After I look for anything of value on my host computer I will quickly begin scanning the subnet looking for hosts that are alive. I will also begin mapping the network for services that are possibly vulnerable to attack. This is where the Honey Pot fits in. It has been patiently sitting on your network waiting for someone to direct a packet of data in its direction and alert you to possible trouble.
I am the proud owner of a new Dell 5290 2-in-1 laptop and it’s actually pretty cool. Touch screen, detachable keyboard and pen put together in a nice package for me to take my work on the go. Shortly after configuring the laptop and applying the latest Windows updates I noticed the WiFi performance to be really poor. The laptop was almost unusable. My first thought was maybe the laptop chipset was having an issue with my Ubiquiti access points, but this was NOT the case.
Why do I have poor WiFi performance?
I ran a speed test to see how bad the throughput was.
It seems like everyone on this planet likes the latest shiny new gadget, and I’m no exception. However, there are times when one of those gadgets has everything you want in it and does a good job. My Samsung Galaxy Tab S is one of them.
Its OEM battery is running on fumes and basically it needs to be tethered to the wall almost all the time. Rather than toss it in the trash or take it to the kiosk in the mall I figured I would make a run at changing the battery myself. This replacement was MUCH easier than expected. I have changed a number of iPhone batteries over the years and they are a pain to do (because of all the glue). The Galaxy was easy and only took about 15 minutes to complete.
TOOLS AND PARTS
First stop was Amazon to check out the replacement battery choices. There were a number of different units on sale from $17 to about $55. While scrolling through, they all seemed to be the same Chinese replacement so I simply picked the lowest cost kit
There have been numerous studies showing that sitting behind a desk all day is bad for your health. This must be true because my Apple Watch reminds me to stand up and walk around every hour like clockwork. Therefore the Varidesk Pro Plus must be a good thing.
Seriously, I’m not sure if we need a study to tell us that sitting around all day like a couch potato is not good for you, just like we don’t need a study to tell us vaping and smoking are bad for your health too. With that said, lately the trend in the office is to convert our conventional office space into standing office space as cost-effectively as possible. At first we were deploying these to staff that had back issues and doctors’ notes, but now we are pretty much giving them to anyone that asks.
Meet The Varidesk Pro Plus 30
We did a bit of research before purchasing our first stand up desk and found everything from cheap junk all the way up to very expensive electric desks with electric drive motors.
The desk we chose was the Varidesk Pro Plus 30. It’s not the cheapest, running about $325.00 on Amazon, but I can say you do get a really nice sturdy desk for your money.
The desk arrives in an oversized box. You really should have a helper on hand to assist with the unboxing and setup.
Moving into a new home or simply switching Internet providers can be a daunting task. Cable companies offer so many TV, Internet and Phone packages and combinations of packages that it can be hard to decide. How much bandwidth do I really need? How do I protect my network from hackers? What is the best WiFi access point and how do I maximize my range?
These are a few questions I will try to answer in this blog posting and maybe save you some money in the process.
How much bandwidth do I really need?
There was a period of time during 2017 when the cable companies were having their marketing departments spin how fast their internet connections could be and they would compete for your business. 50/50 MB not enough? We’re offering 100mb... no, we’re offering 900mb, and so forth. If you’re not sure how much speed you need READ THIS. Personally I have 75/75 at home and my family is your typical Netflix / Amazon / Fortnite etc. and we are doing just fine.
Growing up in the 1980s I was exposed to various types of analog media. I did have a record player, but they were not “cool” at that moment and I only owned a few LPs. I even had a chance to dabble with my parents’ 8-track tapes, however they were on the decline when I discovered music. The medium of choice for my generation was the cassette tape (until the compact disc came out).
Remember the old days
I can remember heading over to the local mall to shop Sam Goody’s huge assortment of cassettes, and then stopping by my local Radio Shack to purchase blanks to make copies for my friends. That was another life, when we all had high speed dubbing Dolby tape decks and “piracy” was still on the seas!
I was reminiscing the other day about how far we have come with digital media and was wondering how I could combine my love for cassette tapes into a digital format. I started taking apart my old tapes and trying to merge a USB drive into them, but didn’t have much luck. Then I had an ah-ha moment and decided rather than convert a cassette into a USB drive, why not make a USB drive that looks like a cassette.
In the office we use a SonicWall to allow remote VPN users to access local resources. For the most part it works great, allowing access to our Outlook / Exchange server, mapped drives and other important network resources.
Recently I upgraded the SonicWall to a new device and recreated the rules from scratch (rather than roll old stuff over). A few days after the upgrade, SonicWall users started to experience this odd error message:
ODD OUTLOOK ERROR MESSAGE:
Outlook cannot log on. Verify you are connected to
the network and are using the proper server and mailbox name.
The Mailbox Exchange information server in your profile
is missing required information.
Modify your profile to ensure that you are using the
correct Microsoft Exchange information service.
At first I thought the user’s profile had just gone corrupt, so I deleted the Outlook profile and just recreated it and all was well in the world. However, the next time that particular user took their laptop out of the office the message eventually returned. I was able to put two and two together and figured it had to do with something the VPN tunnel on the SonicWall was doing to cause this issue.
The latest hacker / email scam has been roaming the internet for a few months now. This one is pretty ingenious because it is more of a social email hack playing on your fears rather than an actual attack on your computer.
How does it play out?
An email arrives from you, yes, your own email address. The subject of the email will be related to “Account Issue”, “Security Warning” or some variation. The email will further explain that you were hacked by an International Hacker Group and demand you pay $800 USD in Bitcoin in 48 hours or they will release video of you in a compromising position while watching porn! The hacker further tries to prove his legitimacy by providing you with your password.
The first time I saw this attack I was taken aback for a moment because the password in the email was REAL. It was actually one of my “throwaway” passwords and kind of freaked me out.
Let’s break the email down and see exactly what they did
I am one of the few on the planet that still hosts my own servers in house. Sorry, but I don’t really see the benefit of moving everything to the cloud when keeping it in house allows me the control and flexibility I want. I especially like having an Exchange OWA server in house.
With that said, hosting your own systems can be troublesome as well. Maintaining the hardware, infrastructure and security are items that would get farmed out in a cloud environment. This post focuses on the security end, or rather attempting to track hack attempts.
In January, I set up a trigger to alert me every time a user is locked out (“Know instantly when a user is locked out”). It’s a good read if you’re interested. This trigger reads the event logs, looks for the lockout event and sends the info to me via email. A great help in being proactive with my users. It also alerts me to hack attempts. Too many incorrect login attempts on OWA would trigger a lockout event. During a recent weekend, I was receiving lockout emails every 30 minutes. So who was doing this? What did they want?
I have been a big fan of SonicWall products for the last 18 years. Even after being taken over by Dell, I still use SonicWall in my office and at home. You may say it’s overkill to have one in my home, but I tend to model my home lab environment on my office environment. I like to think of my home network as a sandbox for testing things in the office.
This year we are making a big push for better security around the office and one topic that came up was the office WiFi. Currently the office WiFi shares the same LAN connection as the rest of the network. Even worse, there is only one SSID for both the staff and guests. Even worse than that, the SSID password has not been changed for 10+ years!
A project was commissioned to segment the WiFi network from the LAN, however it is important to allow the staff that works in the office access to the LAN via WiFi when needed.
SonicWall – I have an NSA2600, but any modern NSA device will do. If you’re not sure which SonicWall to purchase, this is a great starter.