If like me, you manage one or more Joomla websites, you will no doubt be aware of the sorry lack of user friendly documentation and the appalling lack of a powerful native log facility. This seems to me to be an enormous oversight on the part of the developers however it is possible with a little jiggery pokery to get the information you need. 

I noticed recently that there were enormous amounts (1500 per day) of failed login attempts at the default backend URL (site.com/administrator/). This is to be expected of any installation like this however one cannot help but feel uneasy at the incessant minute by minute brute force dictionary attacks rolling by in the log. If your passwords are secure then you'll almost certainly be fine. If your administrator username is anything but admin, you'll be even better. Still I wasn't satisfied and I decided to call in the big guns.

The Information Commissioner's Office today published new guidance for home Wi-Fi security after a YouGov report found that 40% of home users did not understand how to manage the security settings on their networks.

The survey also found that in spite of most ISPs now setting up and installing security on Wi-Fi equipment, 16% of the people surveyed were unsure whether or not they were using a secured network, or were aware they weren't, but didn't give a toss either way.

The new guidance includes information on managing encryption settings and how to think of a secure password. Top tip? Don't use pa55w0rd.

Giving people unsolicited access to your network could reduce connection speed, cause you to exceed data caps, or allow hordes of criminals to use your network for nefarious purposes, said the ICO.

Welcoming the move, D-Link's Chris Davies pointed out that there was no excuse for being caught out.

"There is no doubt that in the past setting up security on wireless networks could be tricky," said Chris. "But this is no longer the case with most wireless products.

"Security can be set up wiin a couple of minutes with no prior technical knowledge required. We've also been working with ISPs to help them ship products to consumers with security pre-configured."

Let's just hope the ICO doesn't start fining home users for data breaches. Or maybe that would be the kick in the butt some of them need?

As IT systems continue to extend across multiple environments, IT security threats and vulnerabilities have likewise continued to evolve.

Whether from the growing insider threat of rogue and unauthorised internal sources, or from the ever increasing number of external attacks, organisations are more susceptible than ever to crippling attacks. It's almost become simply a matter of "when it will happen" rather than "if it will happen."

For IT resellers, security issues have always persisted as critical to all communications for an organisation's IT department.

However, with the increase in the levels of access to a company's network compounded by these maturing threats, it is no longer feasible to merely recognise the existence of more simplistic, perimeter threats.

Resellers must be able to provide customers with a comprehensive risk assessment of the entirety of an organisation's IT assets to their vulnerabilities--inclusive of both software and hardware.

This risk assessment must incorporate an understanding of external threats and internal vulnerabilities and how the two continue to merge to create increasingly susceptible IT environments.

At the most basic level, organisations and resellers alike must understand the different types of threats. Malware, a generic term for malicious software, such as trojan horses, worms, and viruses, is the most common form of attack that is originated by an external hacker. Malware attacks have persisted for years - from the infamous Morris worm to common spyware attacks - and they remain the easiest and most damaging tactic deployed by malicious hackers.

With enterprises extending to the cloud, and more organisations adopting SaaS-based applications, social media and other Web 2.0 tools, damaging malware attacks and viruses can now originate through simple SPAM messages and emails.

Internally, organisations are typically susceptible to threats from either authorised rogue users who abuse privileged accounts and identities to access sensitive information, or unauthorised users who use their knowledge of administrative credentials to subvert security systems. It is this type of vulnerability - unauthorised internal access - that has continued to emerge as the most volatile and disruptive.

To truly understand the risks involved with these "insider threats", organisations and resellers need to understand the root of the vulnerabilities.

Most commonly, the risks lie with the use of embedded credentials, most notably hard coded passwords, a practice employed by software developers to provide access to administrators during the development process. The practice occurs frequently since application developers tend to be more focused on the development and release cycle of the application, rather than any security concerns. While it may appear harmless at first glance, it is extremely risky as it can potentially provide unauthorised users with powerful, complete access to IT systems.

To compound the matter, by hardcoding passwords to cover embedded credentials, vendors create a problem that cannot be easily fixed nor assuaged by tools such as Privileged Identity Management systems. Once embedded into an application, the passwords cannot be removed without damaging the system. At the end of the day, the passwords provide malicious outsiders with a bulls eye target - a key vulnerability to leverage to help them gain powerful access and control on a target device, and potentially throughout the entire organisation.

One of the most well known examples is the Stuxnet virus. We've all been blown away by the design of Stuxnet, and were surprised by the pathway the virus took in targeting SCADA systems. Reflection shows that the virus used the hard coded password vulnerability to target these systems - which should serve as a lesson for all businesses.

The existence of vulnerabilities embedded within these types of systems is not necessarily new, but the emergence of new threats continues to shed light on the ease with which they can be leveraged for an attack. While malicious outsiders and insiders have focused often on the administrative credentials on typical systems like servers, databases and the like, in reality, IT organisations need to identify every asset that has a microprocessor, memory or an application/process. From copiers to scanners, these devices all have similar embedded credentials that represent significant organisational vulnerabilities.

While steps can be taken to proactively manage embedded credentials without hardcoding them in the first place - Privileged Identity Management tools can help - the onus is on the organisation, and the reseller, to ensure that a holistic view of all vulnerabilities and risks has been taken.

DHCP snooping is a DHCP feature that provides security by filtering untrusted DHCP messages from hosts or other devices on the network. DHCP snooping accomplishes this level of security by building and maintaining a DHCP snooping binding table.

An untrusted DHCP message is a DHCP message that the switch receives from outside the network or firewall or from an unauthorised DHCP server that can cause security attacks within a network. DHCP snooping is used along with the interface tracking feature, which inserts option 82 in the DHCP messages by the switch. Option 82 is the Relay Agent Information Option as described in RFC 3046.

The use of DHCP snooping extends existing security capabilities, including the capability to trust a port as a DHCP server and prevent unauthorised DHCP server responses from untrusted access ports. Another DHCP snooping supported feature is per-port DHCP message rate limiting, which is configurable in packets per second (pps) and is used to prevent DoS attacks. The DHCP snooping feature is useful in ISP networks, university campuses and Long Range Ethernet (LRE) network scenarios to prevent misconfigured or malicious DHCP servers from causing user-connectivity problems (such as giving out bogus DHCP addresses).

DHCP snooping builds a DHCP binding table that contains client IP addresses, MAC addresses, ports, VLAN numbers, leases and binding types. Switches support the enabling of the DHCP snooping feature on a per VLAN basis. With this feature the switch intercepts all DHCP messages within the layer 2 VLAN domain. With option 82 enabled, the Supervisor Engine adds the ingress module, port, VLAN and switch MAC address to the packet before forwarding the DHCP request to the DHCP server. The DHCP server can track the IP address that it assigns from the DHCP pool.

With this feature the switch restricts end-user ports (untrusted ports) to sending only DHCP requests, while all other types of DHCP traffic, such as DHCP offer responses, are dropped by the switch. DHCP snooping trusted ports are the ones connected to the known DHCP servers or uplink ports to the distribution switch that provide the path to the DHCP server. Trusted ports can send and receive any DHCP message . In this manner the switch allows only trusted DHCP serves to give out DHCP addresses via DHCP responses. Therefore this feature prevents users from setting up their own DHCP servers and providing unauthorised addresses.

In summary, DHCP snooping with option 82 provides an excellent mechanism to prevent DHCP DoS attacks or misconfigured clients from causing anomalous behaviour in the network.