6 wireless threats to your business
by Christopher Elliott
reprinted with permission from the Microsoft Small Business Center
If you think a promiscuous client is a scantily-dressed customer, you’re in trouble. And I’m not talking about having an affair.
Think an evil twin is a horror-movie villain? Wrong again. The horror you should be bracing yourself for is not on the silver screen — and it’s not from a rolling pin flung at you from across the kitchen, for that matter. Rather, the trouble is in the airwaves and targeted to Wi-Fi users.
Both the “Promiscuous Client” and the “Evil Twin” are two of the latest wireless threats to your small business. If you haven’t heard of them, you probably will soon.
“What would happen to your business if your strongest competitor gained access to all of your data?” asks Greg Phillips, chief executive for AirTegrity Wireless, Inc., a Stateline, Nev. wireless security company. “Unfortunately, it is a very real possibility if appropriate controls against these new threats are not exercised.”
So what’s out there?
The Evil Twin.
One of the most popular new threats to Wi-Fi users is the Evil Twin, sometimes referred to as WiPhishing. It’s a rogue access point that replicates another network name, such as that of a hot-spot or a secure network. “The Evil Twin waits for a user to mistakenly sign into the wrong access point and captures the user’s network data or attacks the computer,” says Mike Klein, chief executive of Interlink Networks, Inc, an Ann Arbor, Mich. Wi-Fi security firm for small businesses. Klein recommends using an application like the free LucidLink Wireless Client (www.lucidlink.com), which automatically detects the change of security settings and warns the user to prevent an Evil Twin attack. He says it’s also best to stay away from any open, or unsecured, wireless networks.
The New War Drivers.
Basically, War Driving is an unauthorized person hacking your company’s wireless network. That’s a problem if your network is open or not adequately secured. (Is yours? This is probably a good time to check.) “The War Driving threat only affects businesses with unsecured wireless networks,” explains Nicholas Miller, chief executive of Cirond Corporation, a Campbell, Calif., wireless security company. “It can affect the security of confidential business data that resides on users laptops.” So what’s new about this threat? War Driving used to be an obscure pastime for hackers, who would cruise around in their compact cars looking for open networks. But lately, the new war drivers can also be competitors or disgruntled employees, sitting in the parking lot and trying to penetrate your network.
The Promiscuous Client.
A close cousin to the Evil Twin, Promiscuous Clients are opportunistic hazards to your business. Instead of associating with an access point that is placed near a public hotspot intentionally, and for malicious purposes, the promiscuous client is simply there for one reason or another, offering an irresistibly strong signal. “802.11 wireless cards often look for a stronger signal to connect to as well as look to hook up with a common SSID name,” says Michael Maggio, the president of Newbury Networks, Inc., a Boston IT security firm. (I actually encountered a Promiscuous Client on a recent trip — one offering a terrific signal and speed. Fortunately, my laptop and I both survived the meeting.) Maggio suggests using a wireless “sniffer” (Microsoft Windows XP has one) that can help you monitor and test your network airspace. “The more you know about your layout — inside your offices, across the hallway, on the floors above and below you, as well as outside your bricks and mortar (business) — the better idea you’ll have about where security breaches might occur,” he says.
Bluesnarfing and Bluejacking.
Your Bluetooth-enabled wireless device can leave you open to a hack attack, too. For example, Bluejacking allows unauthorized users to send a message to your phone. Bluesnarfers can steal data from your phone. But that’s only part of the problem. Perhaps the more troubling issue is that these crimes are often untraceable. “The newest threat is the inability to perform forensics on this new technology,” says Mark Lobel, director of PricewaterhouseCoopers’ security services group. “You can try to stop an employee from doing bad things, but with some of the newest wireless technologies, you can not yet perform the forensics to determine what actually happened.” These attacks can really leave you with the “blues,” many experts say, so heed this advice: Turn off Bluetooth until you need it.
The cell phone virus.
In a recent column, I took a closer look at the growing threat of cell phone infections. Several of the experts I interviewed suggested the worries might be overblown. But in the weeks since the column appeared, says Ted Demopoulos, an IT consultant with Demopoulos Associates, in Durham N.H., a number of new cell phone viruses were identified. “Experts disagree on how serious the cell phone threats are,” he says. “But it is wise to take some simple steps to protect against threats.” Demopoulos says most small businesses ignore the data on their cell phones. By backing up the numbers, you can assure that they won’t be lost if your phone ever succumbs to a virus outbreak.
Wireless network viruses.
There are viruses, and then there are wireless viruses. For example, the virus worm MVW-WiFi, which bores into a laptop through a wireless network, sends out wireless probe request packets to find other local wireless networks and then forwards itself to adjacent wireless networks, according to David Sandel, the chief technology officer for NetLabs, LLC, a St. Louis networking company. “Its destructive capabilities are exponential in nature.” His advice? Run antivirus software — and keep it updated.
Whether you’re using a Bluetooth-enabled Personal Digital Assistant, a cell phone or a laptop, you can steer clear of most trouble by double-checking your security settings.
That goes for your small business wireless network, too. Nearly two-thirds of all wireless users are on an unsecured network, according to several surveys. “That’s pretty scary,” says Scot Zarkiewicz, chief executive of SingleClick Systems, a Toms River, N.J., networking company for small businesses. “If there is one point that small businesses should know about wireless networking, it is that encryption is their best form of protection.”
But the biggest wireless security threat, by far, isn’t a virus or hacker attack. It is complacency, says Gary Morse, president of Razorpoint Security Technologies, Inc., a New York company that describes itself as “professional hackers.” “We hear all the time, ‘We’re not a target,’ or, ‘We only need to secure the ‘important machines,'” he says. “Awareness is the most critical point of fortification. If users are simply aware of what could take place, of what the true risks are, then everything else could be built on that.”
How to avoid ‘Out of Memory’ errors: 3 tips
by Christopher Elliott
reprinted with permission from the Microsoft Small Business Center
There comes a time in the life of every computing device when it says “enough!”
Can’t go on. Need . . . more . . . memory.
The dreaded “Out of Memory” error is relatively easy to fix when you’re talking storage (short-term solution: delete a file; long-term solution: buy a new hard drive). But when it comes to the other kind of memory, also known as RAM (random-access memory) — that’s the internal kind of memory your computing device uses — things can get a little bit more complicated.
“Inadequate memory is a productivity inhibitor,” notes William Kazman, chief executive of iTeam, a Westford, Mass., information-technology outsourcing company for small businesses. “A small business typically keeps a computer for three to five years. During that hardware lifecycle, operating system and application upgrades consume more and more computer resources — memory being key among them.”
In other words, small businesses are mindful of their software upgrades, but often oblivious to their hardware needs. And that goes beyond the computer workstation. It also extends to servers and personal computing devices, such as Tablet PCs.
Your poor, overworked PC
Are you running your machines ragged? OK, there’s no evidence that an insufficient amount of memory will hurt your hardware — at least none that I’ve seen. But you could be running yourself ragged (and compromising your company’s productivity) by ignoring a memory-deficiency within your own organization.
“Most people are too conservative when it comes to planning their memory needs,” says Doug Finke, director at SimpleTech, a Santa Ana, Calif., designer of open-standard memory and storage solutions. “I think it’s a big mistake to assume the base memory size installed by the PC manufacturer when you bought the machine will be sufficient. Manufacturers will sometimes scrimp on base memory to hit target price points.”
So how do you prevent the dreaded error message from putting a crunch on your profits? Here are three tips.
1. Know how much memory your devices need to begin with. Your PC needs at least 256 megabytes (MB), but 512 MB is preferable. A small-business server should have 512 MB, but I’ve spoken with memory experts who say they’re much more comfortable with 2 GB, or 2,048 MB. Tablet PCs being used by a small business should have at least 512 MB. For smaller mobile devices such as personal digital assistants (PDAs) or cell phones, a starting point is a 1 GB flash card. Not sure how much memory you have? Here’s more advice on troubleshooting your PCs’ system memory and optimizing your machine’s performance in Windows XP.
2. Be looking for warning signs. Don’t wait for an error message. A PC or PDA will let you know when memory is in short supply long before it starts screaming at you. Obviously, the machine will begin running slower. Frequent freezes or system failures could also be harbingers of a coming memory crisis. Don’t assume that you need more memory (although you most likely do). Sometimes, your existing RAM is faulty. You’ll probably get a Stop 0x2E error — here’s more on that. Then it isn’t so much a matter of adding new memory, but rather fixing the existing RAM.
3. Manage your tasks. As you add applications to your computing device, its memory requirements change. For example, on a Windows XP workstation running basic applications such as word processing,
spreadsheets, Microsoft Internet Explorer, and financial software, 512 MB might be sufficient. But, says Jay Greenwald, president of NerdE-Solutions, a Denver computer-support company for small businesses, all that changes when you add jobs. “Adding graphics programs or accounting software, and you’re talking [about adding] 768 MB or 1 GB,” he says.How much memory are the applications on your PC using? Ctrl+ALT+Delete will pull up the Windows Task Manager in Windows XP. Click on the Processes tab and scroll to the right to see “Mem Usage.” The more processes, the more memory is being used. Gauge your memory accordingly.
If you pay attention to your computing device’s workload, are attentive to its error messages, and have a good idea of what its memory needs are, you should avoid a memory crisis. Is that it?
Kazman, of iTeam, says there’s really only one more consideration: how to get the extra memory into your computer. That’s a task he believes small businesses should consider outsourcing.
“There are a variety of memory formats available and each computer only uses a particular configuration,” he says. “Memory resellers offer online ‘configurators’ to assist with this selection, but if you are unsure, it could be prudent to purchase your memory upgrade through a value-added reseller or PC repair depot.”
How to overcome wireless threats
Increase your wireless network security with proper router setup and strong encryption protocols. Limit access to known devices and implement security policies to maximize mobile device security. The security professionals at eMazzanti can help you design a multi-layer cyber-security strategy to protect yourinformation assets.
Carl Mazzanti is Co-Founder and President of eMazzanti Technologies, Microsoft’s four time Partner of the Year and one of the premier IT consulting services for businesses throughout the New York metropolitan area and internationally. Carl and his company manage over 400 active accounts ranging from professional services firms to high-end global retailers.
eMazzanti is all about delivering powerful, efficient outsourced IT services, such as computer network management and troubleshooting, managed print, PCI DSS compliance, green computing, mobile workforce technology, information security, cloud computing, and business continuity and disaster recovery.
Carl Mazzanti is also a frequent business conference speaker and technology talk show guest and contributor at Microsoft-focused events, including frequent prominent roles at the Microsoft Inspire (Worldwide Partner Conference / WPC).
Carl, a serial Entrepreneur, gives back to the community through Entrepreneur teaching engagements at Georgetown University, the company’s ocean wildlife conservation effort, the Blue Project, and Tree Mazzanti.