SAFEGUARDING YOUR HOMEOWNERS ASSOCIATION AND COMMON AREAS




March 2011
www.cybersecurityguy.com


Many homeowners associations (HOAs) secure their common areas with cardkey access and security cameras, and many of these systems are connected to the Internet and wireless networks to make remote management and access easier. Unfortunately, most Internet and security system installers have little knowledge of Internet-based security threats and proper defenses. Installers generally focus on enabling this remote access in the simplest manner possible, usually by retaining the default passwords and not enabling any of the optional security features. Most security installers, if using something other than a default password, will use the same password on all their systems, just so that the next security technician won't have a problem getting back into the device later.

ENHANCING PUBLIC AWARENESS AND IMPROVING SECURITY

It is important to make sure that your environments are secure. It is entirely possible for someone on the Internet to access and control your security camera and badge reader systems. This is especially concerning when dealing with children. Imagine a child predator watching over your HOA video cameras at your pool, waiting for the adult to use the restroom, and then taking that opportunity to unlock the cardkey door system and grab the child.

To help bring awareness of this situation and advance security in this area, Cyber Security Guy is working with US-CERT and several security device manufacturers to enhance controls in security products and provide better documentation to installers. A first-of-its-kind Android application, named Caribou, was developed as a proof-of-concept and shows how easy it is to gain access to widely popular cardkey access control systems. Read more about this and see a demonstration of the Caribou app at www.cybersecurityguy.com.

ACTION ITEMS

1. Secure the supporting computer systems. Make sure the computers supporting your security systems are properly secured by following the action items listed in Safeguarding your Windows Computer.

2. Avoid unnecessary network access to your security devices. Avoid placing any security control system, such as a cardkey access system or camera, on the Internet or any wireless network.

3. Enable the security options on your security devices. Review the manual for the security devices and configure any and all security options. Most importantly:

   A. Configure the security device with a complex password.

   B. Enable any encryption capabilities. If you have the choice between different types of encryption algorithms, use AES-256 (best) or AES-128.

   C. Disable any unnecessary services that may be on the device, like TELNET, FTP and TFTP. You'll need to test all of the functions of the device after you've done this to make sure everything is still working properly.

   D. Change the names of, or disable, any default or built-in accounts. For example, rename "Administrator" to something unique, and disable the "Guest" account.

   E. Change the default "TCP" or "UDP" ports the device will be listening to on the Internet. You can think of these numbers like a telephone number extension. Hackers will scan Internet addresses to see if these extensions answer, and if they do, they'll generally know what type of system it is, and what kind of an attack or compromise to use to exploit the system. For example, if the device uses "TCP port 12345", change it to another number higher than 1023, such as "TCP port 52841" (use your own number). You will need to configure the client-side software with the same number. If you interact with the device from a web interface and you change the "TCP port" for this interface, you would insert this number into the URL, so instead of "https://yoursystem" you would use "https://yoursystem:52841".

   F. Enable logging so that if your device is compromised you have a chance of spotting unusual activity.

4. Restrict Internet access to your security devices. For those systems which must be Internet-accessible, configure your Internet router/firewall to allow access in to these devices only on the specific "TCP" and "UDP" ports that are needed. If your router/firewall has the capability, also limit access to these devices to the specific Internet IP addresses or ranges that you'll be connecting from. If you need to access this device from a home Internet connection instead of a business, this becomes slightly more complicated, as your IP address will likely be somewhat random. However, you can still define a range by calling your ISP and asking them for the possible IP ranges that may be used in your area.

5. Try to break into your own system. Test to verify that you cannot get access to your security device in a way other than you have configured it, such as access from other networks or using different passwords. For more thorough testing, hire a security professional skilled in penetration testing, or perhaps find someone within your own community who would be willing to do this for free.

6. Maintain and monitor the security devices. On a regular basis, check the health of the devices to make sure they are working properly. This is a good time to quickly review any logs that have been enabled to look for signs of unusual activity.

FREQUENTLY ASKED QUESTIONS

Q. You say that security companies don't do a good job at securing the devices they install against Internet-based threats. Why?

A. There is a higher level of skill required when it comes to defending against Internet-based threats. Traditional security companies are generally more focused upon physical security and generally lack people with skills and experience in cyber security. Cyber security professionals generally make upwards of $80,000/year, whereas security installers make less than half that, so these companies simply can't afford people with this skill set.

Q. My installer said that I couldn't change the default password on my device because otherwise their company wouldn't be able to get in to manage it. What should I do?

A. I would recommend contacting company management to point out the security issue and request they reconsider. Otherwise, do business with someone else who takes security more seriously.
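
One way to carry out the check in action item 5 for the settings from items 3C, 3E and 4, as an added example that is not part of the original guide: a small Python script that connects to your own device and reports any port that answers when it should not, or fails to answer when it should. The function names, the script name and the port-to-label table are assumptions made for this example; 12345 is the stand-in default port from the text.

```python
import socket
import sys

# TCP services action item 3C says to disable. TFTP runs over UDP, so a TCP
# connect check cannot see it; verify that one in the device's own settings.
UNNEEDED_TCP = {21: "FTP", 23: "TELNET"}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit_device(host, allowed_ports, must_be_closed=None, timeout=2.0):
    """Compare what answers on `host` with what you configured.

    allowed_ports  -- ports you deliberately left reachable (items 3E and 4)
    must_be_closed -- {port: label} that must not answer; defaults to the
                      cleartext services above. Add the vendor default port
                      here after moving the service off it.
    Returns a sorted list of (port, problem) tuples; empty means no findings.
    """
    if must_be_closed is None:
        must_be_closed = UNNEEDED_TCP
    findings = []
    for port in allowed_ports:
        if not tcp_open(host, port, timeout):
            findings.append((port, "expected open but unreachable"))
    for port, label in must_be_closed.items():
        if port not in allowed_ports and tcp_open(host, port, timeout):
            findings.append((port, f"{label} answers but should be closed"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_device.py <your-device-address> <configured-port>
    # (audit_device.py is a hypothetical file name for this example.)
    host, configured = sys.argv[1], int(sys.argv[2])
    closed = dict(UNNEEDED_TCP)
    closed[12345] = "default port"  # stand-in default port from the text
    for port, problem in audit_device(host, {configured}, closed):
        print(f"{host}:{port} {problem}")
```

Run it from each network you connect from. From an address outside the ranges allowed in item 4, the configured port should also be reported as unreachable.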