Top 10 reasons to root your Android mobile phone or tablet

Some of you may have heard of it in whispered tones : "you can do this (or that) if you would only ROOT your phone". You might wonder what is this "root" thing and what it might do for you ...

How to root the Samsung Galaxy Tab 7.7 GT-P6800

The steps below show how to root the Samsung Galaxy Tab 7.7 GT-P6800. Note that this guide is for the 3G+Wifi version only. Be sure you know what you are doing ...

Singtel 3G APN settings for Samsung Galaxy Tab 7.7

One of the first things that I did upon getting my Samsung Galaxy Tab 7.7 was to ensure that the Singtel 3G APN settings are correct. I've read that you can configure it with slightly more optimized settings as follows ...

Singapore : Telco authority IDA to mandate improved 3G mobile coverage standards, cap mobile roaming charges

IDA, the overall Singapore telco authority, has recently come up with a couple of mandates to try to resolve two of the most pressing issues faced by mobile phone users in Singapore.

Apple nets $46.33 billion revenue, Samsung gets $42 billion in Q4 2011

Tech earning season is in and we are looking at some incredible numbers out there. For Apple's Q4 2011 results, the official press release noted that the company "posted record quarterly revenue of $46.33 billion and record quarterly net profit of $13.06 billion".

Saturday, January 10, 2015

10 Ways to Secure Your Internal Network

We see this often. On the outside, you have these imposing fortress walls. Once inside, there are no further defences and everything is wide open to attack. The same applies to networks as well. Once you get past the big imposing firewall, everything on the internal network or intranet is wide open to further intrusion.

So here are 10 ways to secure your internal network. These measures range from the simple to the more draconian.

1. Harden existing machines. Update OS patches as they become available. Keep anti-virus signatures updated at a reasonably high frequency. Nowadays commercial AV vendors push updates to clients multiple times per day. Even the free ones update once per day and that might be good enough for many cases.

2. Reduce the attack surface and minimize exposure by closing unused ports and shutting down unnecessary services. Case in point is the Asus wifi router infosvr issue where a service that wasn't really needed turned out to be a big security vulnerability.

3. Secure remote access protocols. At a minimum, enable Network Level Authentication if you are using Remote Desktop to remotely access other Windows machines. Also, ensure that a minimum set of users is allowed to remotely access these machines. Whether for Windows, Linux or any other OS, remote login is a powerful function. Hand this out only when needed.

4. Ensure encryption is turned on for network traffic wherever possible. This applies equally for client-to-server traffic as well as server-to-server traffic (such as application server to database server).

5. Optionally, go beyond simple encryption by turning on IPSEC with two-way certificates to defeat sniffing, spoofing and other impersonation attacks. Certificate management could be a problem as you would probably need to own an entire PKI (Public Key Infrastructure) setup for this.

6. Setup an intrusion detection system (IDS) to monitor network traffic. This is a given but it is easier said than done, as IDS systems tend to either generate too many or too few warnings and alerts. Tuning an IDS can turn out to be an exactingly fine art in itself.

7. Conduct regular vulnerability assessments. Just about the same network penetration testing tools are available to both attackers and defenders and many of them are free and open-source, so this is definitely doable. It just takes effort and time - or if you have to outsource this, it will take money. Quite a bit of money.

8. If you have a wireless segment, you can follow these 11 guidelines to secure wireless networks. In particular, disable over-the-air management of wireless AP's, and enable the highest encryption levels wherever possible. Whether this is WPA2 (Personal) with a suitably complex password, or going all the way to two-way WPA2 Enterprise with 802.11x EAP-TLS depends on your situation and level of security required.

9. If you are letting public visitors use your internet as a courtesy or as part of your legitimate business operations, use a guest wifi network separate from your internal network. Never shall the two mix.

10. Where possible, for your wifi network, find the setting for and enable AP isolation. This will invalidate certain classes of attacks on the WPA2 protocol on the internal side of the network.


Twitter Delicious Facebook Digg Stumbleupon Favorites More