Police: 'Threat matrix' dictated SWAT team response at Powell Avenue home
Courier Press ^ | June 22, 2012 | John Martin, Mark Wilson

Posted on 06/26/2012 10:19:42 AM PDT by Altariel

To: rarestia

Good discipline on the password complexity but there are numerous ways to hack databases without a password. MySQL just announced a bug where it allowed access 1 out of every 256 attempts without verifying the password.

Failure to patch databases is the most common reason.

My suggestion is to never allow your database server to be connected directly to the internet even with a firewall.


41 posted on 06/26/2012 12:50:19 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 28 | View Replies]

To: PapaBear3625

storm troopers, one and all


42 posted on 06/26/2012 12:55:43 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 38 | View Replies]

To: driftdiver

This assumes that you are important enough for someone to go through the effort in attempting to find your router. As you pointed out, suppressing the SSID is just one layer to keep the morons out and moving to the next schmuck.


43 posted on 06/26/2012 1:04:31 PM PDT by PT57A
[ Post Reply | Private Reply | To 40 | View Replies]

To: driftdiver

I don’t use that sort of DB. Look up KeePass on SourceForge.net. It creates an encrypted database in which all of your passwords are stored. It’s really a great little program.

I installed it on a thumbdrive which I encrypted and paired to the TPM in my secure desktop. Any passwords I need are accessed from that thumbdrive and are inaccessible unless the thumbdrive is plugged into the secure desktop, the TPM is authenticated, and the 160 bit passkey is typed in to unencrypt the database. Essentially it’s 3-factor authentication.

I also use the encrypted thumbdrive to save my MSOutlook PST/OST files, my banking credentials, MSMoney DB, and Firefox profile. Now granted if I ever lost this thing or it was otherwise destroyed, I’d be hopelessly lost, but I treat this device like I treat my wallet.

You can never be too careful.


44 posted on 06/26/2012 1:05:51 PM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 41 | View Replies]

To: uncommonsense

Sadly you’re right. Even the *ahem* techs *clears throat* at Geek Squad can have questionable credentials. Never use someone who advertises on a road sign or on a public bulletin board, IMO.

Your best bet is someone who works in the industry as an engineer or administrator who does more than answer phones at a help desk. That’s not to say that help desk people aren’t technically ethical or knowledgeable, but help desk is usually where IT people 1) start their career and/or 2) end their career. I worked help desk for 6 years and have been doing engineering work for 15. If you don’t have the drive to get out of help desk you’re either a masochist or lazy.


45 posted on 06/26/2012 1:11:25 PM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 36 | View Replies]

To: rarestia

Every database has its vulnerabilities. We tested on Oracle DB and had every password within 15 minutes. Security isn’t just passwords or encryption. They certainly help but it takes the whole picture to keep things locked up.

Key management applications help manage passwords and KeePass is one. Sounds like a good system you have going there.


46 posted on 06/26/2012 1:20:45 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 44 | View Replies]

To: rarestia

Most people won't have the skills, the patience or the money to do this, but the purchase of one of the smaller wireless SonicWALLs like the TZ100W with the full security suite will present more of a challenge than most casual or semi-casual hackers and script kiddies can muster.

SonicWALL treats the wireless side as an entirely different subnet, and you must set up explicit firewall rules to allow your WLAN users access. And that’s in addition to using ACLs to allow/deny users.

SonicWALL devices are also good at detecting IP spoofing and other threats. Not cheap, but easily worth the $600 - $800 you’ll spend. www.sonicguard.com is a good resource.


47 posted on 06/26/2012 1:25:02 PM PDT by Noumenon (“Be happy in your work!” - Colonel Saito: The Bridge on the River Kwai)
[ Post Reply | Private Reply | To 28 | View Replies]

To: PT57A

If you have a network then you are important enough. You probably have banking, tax, or other personal info. If nothing else I can use your network to hack other people.

That way you get a visit from the swat commandos instead of me.

I run a security company so we see a lot of what happens.


48 posted on 06/26/2012 1:25:20 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 43 | View Replies]

To: Noumenon

I’d second the SonicWALL recommendation. We scan our SonicWALL on a regular basis and have found it to be pretty darn good.

If nothing else dump the cheap crap Verizon/Comcast gives you and at least put a Linksys in. Those aren’t too terrible.


49 posted on 06/26/2012 1:32:26 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 47 | View Replies]

To: driftdiver

I understand DB vulnerabilities but admittedly steer clear of them mostly out of ignorance but also out of a lack of need.

I don’t run any DBs on my home network anymore, esp. with all of the stories I hear and read about DB security.

In a domain environment, I force all DBAs to change the default ports to prevent script kiddies from banging on the door and enact two-factor authentication for administration (usually certs and complex passwords).

Authentication needs to be looked at with a fine-toothed comb. Passwords/phrases are old-tech. Smart cards, biometrics, and character/vision-based authentication make more sense, IMO.


50 posted on 06/26/2012 1:49:11 PM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 46 | View Replies]

To: Noumenon

It’s more about money at that point, Noumenon. When people shop for home wireless routers, they’re looking at the cheap-o $35 dLinks. Hell, anymore the ISPs are providing gateways with wireless routers built into them and controlling security from the home office. I’ve had to specifically request wired-only gateways for customers who I’ve helped to set up their home networks. That additional hardware layer of abstraction can often keep script kiddies at bay.


51 posted on 06/26/2012 1:52:54 PM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 47 | View Replies]

To: rarestia
It’s more about money at that point, Noumenon. When people shop for home wireless routers, they’re looking at the cheap-o $35 dLinks.

That's the truth. You can war-drive any apartment/condo complex and any 'burb and find a smörgåsbord of available APs. Far too many folks leave their wireless wide open.

Even up in Sandpoint, Idaho in an industrial area, I can 'see' no fewer than 8 APs, 3 of which are wide open, 2 of which are using WEP (bars of marshmallow), 2 using WPA-PSK and only one besides mine using WPA2 Enterprise.

52 posted on 06/26/2012 2:46:54 PM PDT by Noumenon (“Be happy in your work!” - Colonel Saito: The Bridge on the River Kwai)
[ Post Reply | Private Reply | To 51 | View Replies]

To: Altariel

Time to pierce the veil of Sovereign Immunity and allow victims of police overreach to get hold of those lucrative pensions. The same goes for judges rubber-stamping warrants. That might put a little more control back into the mix.


53 posted on 06/26/2012 2:59:27 PM PDT by NonValueAdded (Steyn: "One can argue about whose fault it is, but not ... whose responsibility it is: it's his")
[ Post Reply | Private Reply | To 1 | View Replies]

To: RightOnline
92.168.0.100’s or 192.168.1.104’s you think you’d find?

The IP they care about is the public IP address on the WAN side of the router. That can absolutely be associated with a given ISP account. It is essential that you secure the WLAN side of your network as previously suggested several times.

54 posted on 06/26/2012 3:10:59 PM PDT by j_tull (Massachusetts once led the American Revolution. Under Mitt Romney, it led the demise.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Altariel
A short distance away, a local television crew’s cameras were rolling. The police had invited the station to videotape the forced entry of the residence.

D!ckheads.

55 posted on 06/26/2012 3:13:21 PM PDT by j_tull (Massachusetts once led the American Revolution. Under Mitt Romney, it led the demise.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: fieldmarshaldj; traviskicks

Wow, this didn’t get much coverage other than this article. It’s shameful.


56 posted on 06/26/2012 6:17:32 PM PDT by Clintonfatigued (Obama and Company lied, the American economy died)
[ Post Reply | Private Reply | To 30 | View Replies]

To: Altariel

I hope they sue that city for every last penny it has.

I know there is a big divide on the right between the pro-cop people and the jack-booted thug people.

All I can say is I USED to be pro-cop, but now I’m pretty much of the they are all jack-booted thugs school.

Because it seems that is what they aspire to be.

Our governments, fed, state and local, all need to be slapped down many, many notches.


57 posted on 06/26/2012 8:12:15 PM PDT by jocon307
[ Post Reply | Private Reply | To 1 | View Replies]

To: Girlene

Don’t you know it’s FAR different for the police to invade the homes of the Elite than it is for them to invade a peasant’s home?

The knights of the realm are granted the privilege to harass the serfs, not the nobles or gentry.


58 posted on 06/26/2012 10:58:51 PM PDT by Altariel ("Curse your sudden but inevitable betrayal!")
[ Post Reply | Private Reply | To 25 | View Replies]

