I was recently the victim of a hacker. Fortunately this was an intentional hack, but it still opened my eyes to a few security vulnerabilities. Like many of you, I use a laptop as my office workstation. As such, I utilize strong passwords and encryption on sensitive files, etc. I did not, however, give much thought to the internal wireless adapter on my laptop being active, since we did not have an internal wireless network and I never used the internal wireless card, opting instead to utilize my broadband card for remote support.

During a recent audit I had left my laptop on and connected, as I do occasionally as a backup for remote support purposes and the occasional after-hours MSDN software download. As fate would have it, on that particular night our external auditors were running a penetration test and were scanning for wireless devices from the parking lot. Although my laptop was physically secure, they were able to discover my laptop via the wireless adapter, leveraging some Windows vulnerabilities, and were able to bridge my internal wireless adapter. By utilizing some additional hacking tools and techniques they were able to breach files and information locally on my laptop. One such file was an encrypted password file that contained a list of sa logons. Fortunately the logons were stale (old) and they were not able to breach the network or any of the SQL Server environments. However, they were able to access some information that they should not have had access to, and this provided some embarrassing moments for a Sr. DBA.
1) I disabled the wireless adapter on my laptop
2) Changed network logon credentials
3) I created a scheduled task that shuts down my laptop at 6:00 pm or if an hour of inactivity has elapsed
4) Moved any sensitive data like the encrypted password file to a secure location on the network and re-encrypted with a stronger encryption method (128-bit)
5) Removed and/or tightened security on any shares
1) Be cognizant of your surroundings and think about threats from uncommon sources
2) Disable the wireless on your laptop
3) Don’t keep sensitive information on your local drive
4) Secure sensitive information in a network location with password and encryption protection
5) No public shares. Remove and/or alter the permissions to only those users or domain groups that need access to the local share.
6) Don’t leave your laptop (or work station) on for extended periods of time unattended even if it is in a secured location.
I know this is common sense, but we all get busy at times and/or fall victim to a false sense of security (as I did).
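As an added example (not part of the original post), here is a read-only PowerShell audit of three of the checklist items above: enabled wireless adapters, local shares open to broad groups, and the presence of a scheduled shutdown task. The list of "broad" principals and the match on `shutdown` in the task action are assumptions made for this example; the cmdlets require Windows 8 / Server 2012 or later and an elevated session.

```powershell
# Added example: read-only audit, changes nothing on the machine.

function Get-EnabledWirelessAdapter {
    # 802.11 adapters that are not administratively disabled.
    # A "Disconnected" adapter still counts: the radio is on and discoverable.
    Get-NetAdapter -Physical |
        Where-Object { $_.PhysicalMediaType -match '802\.11' -and $_.Status -ne 'Disabled' } |
        Select-Object Name, InterfaceDescription, Status
}

function Get-BroadShareAccess {
    param(
        # Assumption: principals treated as "too broad" for a local share.
        [string[]]$BroadPrincipals = @('Everyone', 'Authenticated Users', 'Domain Users', 'Users')
    )
    # -Special $false skips the administrative shares (C$, ADMIN$, IPC$).
    foreach ($share in Get-SmbShare -Special $false) {
        Get-SmbShareAccess -Name $share.Name |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                # Strip the "DOMAIN\" or "BUILTIN\" prefix before comparing.
                ($BroadPrincipals -contains ($_.AccountName -split '\\')[-1])
            } |
            Select-Object @{n = 'Share'; e = { $share.Name } },
                          @{n = 'Path';  e = { $share.Path } },
                          AccountName, AccessRight
    }
}

function Get-ShutdownTask {
    # Assumption: the shutdown task runs shutdown.exe as its action.
    Get-ScheduledTask |
        Where-Object { $_.State -ne 'Disabled' -and ($_.Actions.Execute -match 'shutdown') } |
        Select-Object TaskName, TaskPath, State
}

$wifi   = @(Get-EnabledWirelessAdapter)
$shares = @(Get-BroadShareAccess)
$tasks  = @(Get-ShutdownTask)

"Enabled wireless adapters: $($wifi.Count)"
$wifi | Format-Table -AutoSize
"Share permissions granted to broad groups: $($shares.Count)"
$shares | Format-Table -AutoSize
if ($tasks.Count -eq 0) { 'No enabled scheduled task runs shutdown.' }
else { $tasks | Format-Table -AutoSize }

# Remediation, to run deliberately after reviewing the output:
#   Disable-NetAdapter -Name '<adapter name>' -Confirm:$false
#   Revoke-SmbShareAccess -Name '<share>' -AccountName 'Everyone' -Force
```

Any row in the first two tables corresponds to a checklist item that is still open on that machine.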