How to secure Wireless Networks

                         
::::::::::::::::::::::::::::Secure Wireless Network part 1:::::::::::::::::::::::::::


Threats to Wi-Fi Implementations

Radio waves can penetrate through walls there is a great chance of unauthorized access to the network and data. Because of its broadcasting nature, anybody can sniff the network for valuable credentials. If the network is not properly secured the attacker will get sufficient data to launch an attack.

In brief the following cases may happen.

i) The attacker may search for available wireless networks in the close proximity. If the Access Point( AP) is open the attacker can avail the network without any effort.

ii) The attacker can directly log in to the Access Point using default credentials and configure the device in whatever way he wants.

iii) The attacker can sniff the network for configuration details such as SSID(Service Set Identifier) , BSSID(Basic Service Set Identification ), encryption used, channel used etc. He can capture sufficient packets to launch an attack.

iv) The attacker can install a fake Access Point and lure(like advertising free internet access) users to connect to the rogue AP.

v) The attacker can disrupt the normal functioning of the network.


Securing AP/ Router

As far as a user is concerned, securing Access Point ensures the primary level of security. In this document configuration settings of an AP/Router that is installed in a typical home network is discussed.

1. Change Administrator Password

An attacker can easily find out the default password. It must be changed. Ensure that the admin password is strong enough.

2. Prefer Wi-Fi Protected Access(WPA2 Preferably) instead of Wired Equivalent Privacy(WEP).

WPA’s salient features are strong encryption algorithm, user authentication and support for IEEE 802.1X . Use Wi-Fi Protected Access (WPA) or WPA2 with Pre-Shared Key (PSK) authentication and AES as the encryption standard. The pass phrase should be strong enough.

3. MAC Address Filtering

Access of the clients can be permitted or prevented by providing a list of MAC Addresses in the “MAC Address filter” configuration parameter. This is known as MAC Address filtering. Together with SSID this can also used as a security measure. Select the MAC Address of all the wireless Network interface cards used in the network. The list can be used to permit or prevent the wireless access .

Stay turned for next Posts 

Andriod Secret Codes

Secret Codes For Your Android Mobile by Secret Codes For Your Android Mobile by 

Hi friends, here is a wide collection of secret codes for your mobile with Android OS(Can be Called as Android Tricks). These codes enables you to access the hidden options which are not shown by default on your device, and can be used for testing the functions of various utilities used by your mobile.

Note: We Cannot guaranty that these codes will work on all Android mobiles!

These codes are used only by technicians, So be careful with them and use it at your own risk.

General Codes:

*#06# – Display's IMEI number.

*2767*3855# – This code will Format your device to factory state (will delete everything on phone).

*#*#4636#*#* – Display's Phone information, usage statistics and battery.

*#*#273282*255*663282*#*#* – This code will Immediately backup of all media files.

*#*#197328640#*#* – This code will Enable test mode for service.

*#*#1111#*#* – Will display FTA software version.

*#*#1234#*#* – Will show PDA and firmware version.

*#*#232339#*#* – Wireless LAN tests.

*#*#0842#*#* – This code is used for Backlight/vibration test.

*#12580*369# – Display's Software and hardware info.

*#*#2664#*#* – This code is used for Testing the touchscreen.

*#9900# – System dump mode.

*#9090# – Diagnostic configuration.

*#*#34971539#*#* – Will display Detailed camera information.

*#872564# – USB logging control.

*#301279# – HSDPA/HSUPA Control Menu.

*#7465625# – This code will display phone's lock status.

*#0*# – Enter the service menu on newer phones like Galaxy S III.

*#*#7780#*#* – Reset the /data partition to factory state.

Basic Codes:

*#*#7780#*#* - This code is used for factory restore setting.This will remove Google account setting and System and application data and settings.

*2767*3855# - This code is used for factory format, and will remove all files and settings including the internal memory storage. It will also re install the firmware.

*#*#4636#*#* - This code show information about your phone and battery.

*#*#273283*255*663282*#*#* - This code opens a File copy screen where you can backup your media files e.g. Images, Sound, Video and Voice memo.

*#*#197328640#*#* - This code can be used to enter into Service mode. You can run various tests and change settings in the service mode.

*#*#7594#*#* - This code enable your "End call / Power" button into direct power off button without asking for selecting any option(silent mode, aero plane and power-off).

*#*#8255#*#* - This code can be used to launch G Talk Service Monitor.

*#*#34971539#*#* - This code is used to get camera information. Please avoid update camera firmware option.

W-LAN, GPS and Bluetooth Test Codes:

*#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#* - W-LAN test (Use “Menu” button to start various tests).

*#*#232338#*#* - Shows WiFi MAC address.

*#*#1472365#*#* - GPS test.

*#*#1575#*#* - Another GPS test.

*#*#232331#*#* - Bluetooth test.

*#*#232337#*# - Shows Bluetooth device address.

Codes to launch various Factory Tests:

*#*#0842#*#* - Device test (Vibration test and BackLight test).

*#*#0588#*#* - Proximity sensor test.

*#*#0*#*#* - LCD test.

*#*#2664#*#* - Touch screen test.

*#*#2663#*#* - Touch screen version.

*#*#0283#*#* - Packet Loopback.

*#*#0673#*#* OR *#*#0289#*#* - Melody test.

*#*#3264#*#* - RAM version.

Code for firmware version information:

*#*#1111#*#* - FTA SW Version.

*#*#2222#*#* - FTA HW Version.

*#*#44336#*#* - PDA, Phone, CSC, Build Time, Changelist number.

*#*#4986*2650468#*#* - PDA, Phone, H/W, RFCallDate.

*#*#1234#*#* - PDA and Phone.

Type of Cyber Crimes

Type of Cyber Crimes & Applicable Law In India

1. Email Hacking :

Case 1
1. Victim’s password has stolen & obscene emails are sent to his/her friends from address book.
2. Section 43,66,67 of IT ACT,2000 & section 509 of IPC.
3. Person who is hacking email account as well as person who is misusing it is responsible for this crime.

Case 2
1. Victim’s password has stolen & hacker tried to threaten victim to extort money from him
2. Section 43,66,of IT ACT,2000 & section 384 of IPC.
3. Person who is hacking email account as well as person who is misusing it is responsible for this crime.

Case 3
1. Victim’s password has stolen & hacker is sending virus, worms or either 419 scam mails from his/her account
2. Section 43,66,of IT ACT,2000
3. Person who is hacking email account as well as person who is misusing it is responsible for this crime.

2. Virus Dissemination

Viruses are programs which affect available files on the computer & spread over networks using internet.

Case 1
1. Virus is targeting individual or specific organization which is not detected by antivirus softwares.
2. Section 43,66 of IT Act,2000 and section 426 of IPC.
3. The virus writer as well as the person who is spreading virus is responsible for this crime.

Case 2
1. The person pirates softwares & send Pirated Cds
2. Section 43,66 of IT Act,2000 & 63 of Copyrighted act.
3. The person who pirates as well as person who buy & use those softwares are responsible.

3. Cyber Pornography Crimes

As per IT act,2000, publishing, transmitting & causing to be published any porn material in electronic format is considered as cyber crime. There are millions of websites which includes pornography material online.

Case 1
1. Suspect abuse specific person by publishing his/her nude/naked pictures, clips & sell it online.
2. Section 67 of IT Act,2000
3. The person who creates & maintain such websites are liable for such crimes.
4. Sometimes cyber café owners are also liable as they are allowing their customers to view such websites.

4. Social Networking (Facebook/Orkut) Fake Profile Impersonation Cases

Case 1
1. Fake profile of female is created & photograph, phone number & address has been posted on the profile.
2. The profile also describes female as prostitute.
3. Section 67 of IT Act,2000 & 509 of IPC.

Case 2
1. Fake Community has been created & wrong information about individual/organization has been posted.
2. Section 153A & 153B of IPC.

5. Web Defacements

1. Crackers/Hackers found loopholes in website. Hacker then replaces the index page with some other page. Hacker can even delete data available of websites.
2. Section 43,66 of IT Act,India & in some cases 67 also.

6. Email Scams

1. Suspect/nigerian sends thousands of emails & convinences victim to get out of lot of money. Suspect can also give lucrative offers like job offers,lottery & investment offers.
2. Section 420 of IPC.
3. Sender of an email, sometimes bank account are liable for this crime.

7. Source Code Theft

Program source code is most important asset of any organization. Source code theft is common in software/IT companies.

Case 1
1. The person theft the code & sell it to the other party after making modification in the source code.
2. Section 43,65,66 of IT Act,2000 & 63 of copyright act.
3. The person who has stolen the code is liable.

Case 2
1. The person theft the code & sell it to the company competitors.
2. Section 43,65,66 of IT Act,2000 & 63 of copyright act.
3. The person who has stolen the code as well as the person who buy such code are liable.

8. Theft of confidential information

Case 1
1. Employee steals confidential information of company & mail to competitors & also post it on to websites & forums.
2. Section 43,66 of IT Act,2000 & 426 of IPC.

Case 2
1. Employee steals confidential information of company & threaten company to make it public unless company pay him money
2. Section 43,66 of IT Act,2000 & 384 of IPC.
3. The person who has stolen information as well as person who threaten victim are liable.

Case 3
1. Business rivals obtains information using hacking,social engineering & use it for their benefits.
2. Section 43,66 of IT Act,2000 & 426 of IPC.
3. The person who has stolen information as well as person who misuse information, both are liable.

9. Online Sale of illegal articles

Sale & Purchase through net There are web site which offer sale and shipment off contrabands drugs They may use the techniques of stenography for hiding the messages. Depending upon illegal iteams,provisions of narcotic drugs,psycotropic substance act,arms act,wild life related laws can also be applied.

10. Credit Card Frauds

Case 1
1. Victim’s Credit cards have been misued on airline websites, online gambling websites, pornography websites.
2. Section 43,66 of IT Act,2000 & 420 of IPC.
3. All persons who have stolen information to who have misused information online are liable.

11. Mobile Crimes

Mobile Phones have become popular means of communications. SMS forging is method to spoof identity of SMS. Call Forging is method to spoof caller ID of Call.

Case 1
1. Suspect has misused victim’s no to send SMS or make call to other person/ competitors.
2. Section 65,66 of IT Act,2000.
3. The person who is misusing the victim’s no as well as company who allows user to change identity of SMS or Call are liable

How to get Phishing protection

Phishing – How not to be caught out

1. Many of those who fall victim to phishing do not like to report it because they feel foolish and gullible. Phishing is indeed ridiculously easy to avoid. If you are worried simply take control. Search online for the name of the organisation that has contacted and ring them.
2. When you open an account, or decide to use an online service, check with your bank whether they send out unsolicited emails and, if they do, what verification methods they use.
3. Do not click on a link in an unsolicited email that says that it will take you a site. If you want to go to the website then use a search engine to find it. Then make a note of the web address for future reference.
4. Always, always check the web address or URL at the top of the web page

Here are some ways in which you can prevent yourself from Phishing:

• Be very careful about not replying to any such spam mails that ask you to confirm or update any information about your account.
• Do not follow any links that come with the spam mails, which will lead you to websites that ask for conformation of your account information.
• Never copy an unknown link from these kinds of spam mails and paste them on your web browsers. These links are made to look very humble by the phishers but they will actually land you to some scam and fraud sites.
• Be careful about opening or saving any document or attachment that come with spam mails. Do not trust these kinds of emails even if they appear to be sent by some authorized entity.
• Never ever send your confidential information about your account in an email.
• It is better to be protected from these scams by using firewall, anti-spyware and anti-virus software. Make sure to update this software regularly for security of your pc.
• Do not respond to those scam mails, which even seem to offer sound business or ask you to avail a refund. The fraudsters often send you phone numbers so that you call them up for business purpose. They use Voice over Internet Protocol technology. With this technology, their calls can never be traced.

You can help other Internet users by spreading the word about "phishing" scams.

• Do forward the spam mails to spam@uce.gov.
• Also send a copy of the mail to the bank or credit card company whose name is impersonated in the email.
• File a complaint with the Federal Trade Commission that you have fallen prey to the phish net. If you fall a victim to phishing then there are high chances that you will also be a victim of ID theft.
• You can also send email to the Anti-Phishing Working Group to reportphishing@antiphishing.org. This organization helps to fight further phishing scams.

Password Tips

1. 
   Use more than one word 
2. Instead of only using the name of someone you know, such as "Allison", choose something about that person no one else knows about, for instance, "AllisonsBear" or "AlliesBear".
3. Use symbols instead of characters
   Many people tend to put the required symbols and numbers at the end of a word they know, for instance, "Allison1234". Unfortunately, this is relatively easy to break. The word "Allison" is in a lot of dictionaries that include common names; once the name is discovered, the attacker has only four more relatively easy characters to guess. Instead, replace one or more of the letters within the word with symbols that you'll easily recall. Many people have their own creative interpretations of what letter some symbols and numbers resemble. For example, try substituting "@" for "A", "!" for "l", a zero (0) for an "O", a "$" for an "S", and a "3" for an "E". With substitutions such as these, "@llis0nbe@r", "A!!isonB3ar", and "A//i$onBear" are all recognizable to you, but they would be extremely difficult to guess or break. Look at the symbols on your keyboard and think of the first character that comes to mind-it might not be what someone else would think of, but you will remember it. Use some of those symbols as substitutions for your passwords from now on.
4. Choose events or people that are on your mind
   To remember a strong password that will have to change in several months, try selecting an upcoming personal or public event. Use this as an opportunity to remind yourself about something pleasant that is going on in your life, or a person whom you admire or love. You won't be likely to forget the password if it is funny or endearing. Make it unique to you. Be sure to make it a phrase of two or more words, and continue to slip in your symbols. For example: "J0hn$Gr@du@tion".
5. Use phonetics in the words
   In general, password dictionaries used by attackers search for words embedded inside your password. As mentioned before, don't hesitate to use the words, but make sure you liberally sprinkle those words with embedded symbols. Another way to trump the attacker is to avoid spelling the words properly, or use funny phonetics that you can remember. For instance, "Run for the hills" could become "R0n4dHiLLs!" or "R0n 4 d Hills!" If your manager's name happens to be Ron, you might even get a chuckle each morning typing this in. If you are a lousy speller, you are ahead of the game already.
6. Don't be afraid to make the password long
   If you remember it better as a full phrase, go ahead and type it in. Longer passwords are much harder to break. And even though it is long, if it is easy for you to remember, you will probably have a lot less trouble getting into your system, even if you aren't the best typist in the world.
7. Use first letters of a phrase
   To create an easy-to-remember and strong password, begin with a properly capitalized and punctuated sentence that is easy for you to remember. For example: "My daughter Kay goes to the International School." Next, take the first letter of each word in your sentence, preserving the capitalization used in the sentence. In the example above "MdKgttIS" would be the result. Finally substitute some non-alphanumeric characters for some of the letters in the password. You might use an "@" to replace an "a" or use an "!" to replace an "L". After one such substitution the example password above would be "MdKgtt!S"-a very difficult password to break, yet a password that is easy for you to remember, as long as you can recall the sentence on which the password is based.

Do's:

• Combine letters, symbols, and numbers that are easy for you to remember and hard for someone else to guess.
• Create pronounceable passwords (even if they are not words) that are easier to remember, reducing the temptation to write down your password.
• Try out using the initial letters of a phrase you love, especially if a number or special character is included.
• Take two familiar things, and then wrap them around a number or special character. Alternatively, change the spelling to include a special character. In this manner, you get one unfamiliar thing (which makes a good password because it is easy for you and you alone to remember, but hard for anyone else to discover). Here are a few examples:

"Phone + 4 + you" = "Phone4you" or "Fone4y0u"

"cat + * + Mouse" = "cat*Mouse" or "cat*Mou$e"

"attack + 3 + book" = "attack3booK" or "@tack3booK"

Don'ts:

• Don't use personal information such as derivatives of your user ID, names of family members, maiden names, cars, license tags, telephone numbers, pets, birthdays, social security numbers, addresses, or hobbies.
• Don't use any word in any language spelled forward or backward.
• Don't tie passwords to the month, for example, don't use "Mayday" in May.
• Don't create new passwords that are substantially similar to ones you've previously used.

Avoid Credit Card Frauds

Credit Cards are a convenient payment method, although they do carry risks. Fraud with the use of stolen credit cards is committed for the purpose of obtaining goods without paying, to obtain unauthorized funds from a bank account or to sell stolen information further. Credit and charge card fraud costs cardholders and issuers hundreds of millions of dollars each year. While theft is the most obvious form of credit and charge card fraud, it is not the only way fraud occurs. A more subtle form of fraud is misappropriation. The use of your card number (not the card itself) without your permission. Misappropriation may occur in a variety of ways. Examples are:

A phone caller says that you need only provide your card number and its expiration date to qualify for a special discount vacation
A thief rifles through trash to find discarded receipts or carbons to use the card numbers illegally
A dishonest clerk makes an extra imprint from your credit or charge card for his or her personal use
Fraudulent credit card information or credit cards themselves are usually obtained through:

Fake Web Sites
Theft
Pick Pocketing
Phishing
Credit Card Swapping at ATM Machines
Skimming
By being aware of the risks involved, knowing the types of credit card fraud and by following below guidelines you can protect yourself from credit card fraud:

Destroy your expired cards

Immediately sign new cards

Don’t keep your PIN in your wallet

Treat credit cards as if they were real money

Lost or stolen cards should be reported immediately

Be cautious when giving information to websites or unknown individuals

Verify transactions on your statement with your receipts

Keep an eye on the credit card when making transactions in shops
Don’t sign a blank credit card receipt

Don’t borrow your cards – if a friend wants to buy something on the internet and needs a credit card, be with him when doing a transaction or you do the transaction for him (he might become a victim of credit card fraud, due to lack of knowledge).

It doesn't matter whether or not their website is encrypted. Encryption means that your data is secure between your computer and the merchant, not between your computer and the credit card processor. The merchant will have your card number regardless.If you’re buying from an unfamiliar or likely untrustworthy store, consider using a temporary/virtual card number that card companies like Citibank provide.

Create Multiple User Accounts With Single Gmail ID

Today I Am telling you a Gmail secret . An amazing trick.

Friends.
Do u know?
You can create multiple user accounts (IDs) on 90% websites with a single gmail id .

Atleast Every website dont allow you to create more then one account associate with same email id and you know it better..

But if you have gmail account then you can create many accounts on a websites.
Its possible because gmail account don't count dot(.) in email addresses.
thats means
anyname@gmail. com
and
any.name@gmail. com
both are same email address . Yeah if you send email to anyna.me@gmail .com then it wil go to anyname@gmail .com

that means if you already have ur account on a website with yourname@gmail .com
you can create you.rname@gmail .com

but facebook is listed in the 10% websites. it dont allow this even u use dot.
But 90% websites includin twitter will allow you to signup  so enjoy and keep share.