I recently performed a security audit for a local retailer that provided wireless internet access as a convenience to its customers. This wireless access point (WAP) was set up by a relative of the proprietor who “knows a lot about computers”. Like many of these hot-spots, customers didn’t need a password, or any special configuration to get on the internet. I often see wireless routers configured like this even in businesses that have no intention of providing public access. I turned on my laptop and was easily connected. I had no problems getting on the internet - very easy and convenient. I also had no problems getting on their internal network. In less than a minute, I was looking at the files on the company’s point of sale and inventory management computer - files which I could have deleted, or altered, or copied. I didn’t even use any special tools or secret scanning software to do it. In fact, a person with the very basic knowledge of how to read Windows network configuration information could have done the same thing. Fortunately, my intent was to find problems like these and get them fixed.
Get the whole story
Gartner Web Development, LLC
An IT and Web Technology Consultancy
Category Archives: Security
Three easy steps to secure your wireless network
The Best Way to Send Email to Multiple Recipients
Because worms and viruses are often spread through email, Gartner Web Development recommends multiple recipients not be placed in the ‘To:’ or ‘Cc:’ fields when emailing several people. When you place multiple recipients in the ‘To:’ or ‘Cc:’ field, all of the recipients receive the email addresses of all other recipients - as does anyone else that your message is forwarded to.
Typically, email based viruses and worms spread by scanning all files on the infected computer for email addresses. The virus then sends itself to all of the addresses that it finds. When we place multiple recipients in the ‘To:’ or ‘Cc:’ fields all of the recipients gain a larger profile to potential virus or worm exposure. Additionally, other malicious programs, including those that generate spam use a similar technique. Once an address is in a spam database, the amount of junk email that we receive in our inboxes can increase exponentially.
Get the whole story
What are your employees doing?
Ask most people how to mitigate the security risks involved in connecting their computer to the internet, and they’ll usually suggest anti-virus software with current virus pattern updates and firewall protection. While these two things are an absolute must for all systems on your company network, and single systems connected to the internet, alike, there are other “attack vectors” that are often overlooked. First, let’s take a look at exactly what it is that we are securing by loosely defining the expectations of most businesses regarding computer resources.
What do you expect?
As a small business, we expect several things from our computers and computer networks. This is by no means a comprehensive list - just the basics:
- Increased employee productivity through data organization, centralizing documents, shared printers, etc. while facilitating the ability to work more efficiently as a team.
- Internet access for email, vendor and support web sites, research, and maybe a little surfing during one of those working lunches
- Protection of financial data, trade secrets, confidential employee data, customer data, etc.
- Verifiable regular backup of this valuable data
- Reliability and ease of use - we want it to work.
Michelle Gartner - Co-Founder: