How to Stop a Zombie Attack

No Lights on the right

Now that we know there is no “real” zombie attack, only an attack on several TV and radio stations where someone got into their EAS systems and inserted their own EAS message, it’s time to secure your station’s network to keep this from happening to you. As I read about how this happened it seemed clear that the default passwords on the EAS decoders were a major factor allowing the intruders in. As I know, if you don’t change the default password on your wireless router (and some people do not), anyone can look up the manual and enter it to gain access. The default name is the name of the router, which does not help you either. Do change the name too, but don’t tell them what it’s protecting either. Don’t call it “KMTP_ENG”; try “router02” so they don’t know what it does and there’s no reason to attack it.

So you should always change the password on any equipment you install as standard practice. And make it a good password and not 12345678. Here’s an entry I wrote a few months back on the subject of passwords and how to make good ones and how to store them: “How’s Your Password”. I now favor typing random keys and tapping the shift key to get a good mix; do this into a text program to store it so you can copy and paste it when needed. Make it as long as possible and add numbers and symbols too.

Network Cabling

The other important point of this attack is that they got into the station’s network to be able to get to the EAS equipment. Now I say this thinking that no one got a DSL connection just for IPAWS and then connected that directly to their EAS decoder; I hope not, anyway. As far as I know EAS equipment does not have any firewall protection built in, which would leave it wide open to attack; in that case all anyone would need is the IP address and the default password.

You always need a firewall between your equipment and the big bad Internet. But what is a firewall anyway?

From Wikipedia – “A firewall is used to help keep a network secure. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set. A network’s firewall builds a bridge between an internal network that is assumed to be secure and trusted, and another network, usually an external network, such as the Internet, that is not secure and trusted.”

If you use a network router then you have a firewall, as almost all of them come with a built-in firewall. Your computer may incorporate software that acts as a firewall to protect itself, but, alas, your EAS does not. Now unlike what I have done in the past, which is to unplug critical equipment from the Internet when it’s not needed, your EAS must be connected at all times and that firewall is the only way to do that safely.

Let’s assume you have a router and therefore a firewall. How do you know it’s working? Just like anything else, you test it. There are many websites set up just to do that; with your permission they will attempt to attack your router/firewall and report back to you what they have found. It’s suggested that you test your router/firewall on a regular basis.

What my results looked like

I make no promises, but here are a few I found on the Internet and tried on my own system:

http://www.hackerwatch.org/probe/ (this site offers several types of tests, one of which is a browser test that I recommend you run)

https://www.grc.com/x/ne.dll?bh0bkyd2 (this one has links to a video blog from Security Now)

https://www.securitymetrics.com/portscan.adp

By using any of these sites you are allowing them to essentially attack your network, so make sure your IT department knows about this, unless you are the IT department. None of the tests I ran required me to download anything; they just obtained my IP address and then looked for open ports that would allow an attacker in. My network was safe according to all of them.
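
The kind of check those sites perform, as an added example that is not from the original post: a short Python script that tries a TCP connection to each port on a list and flags any open port you did not expect. The port list and all function names are assumptions chosen for illustration; to see what the Internet sees, run it from a machine outside your network against your station's own public address.

```python
import socket
import sys

# Constructed sample list of ports often left reachable on network gear;
# replace it with the services your own equipment actually runs.
PORTS_TO_CHECK = [21, 22, 23, 80, 443, 8080]

def port_is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timed out) or unresolvable all count as not open.
        return False

def audit_exposure(host, ports, expected_open=(), timeout=1.0):
    """Probe each port and compare the result with what you meant to expose."""
    open_ports = [p for p in ports if port_is_open(host, p, timeout)]
    expected = set(expected_open)
    return {
        "open": open_ports,
        # Reachable but not on your list: close it or firewall it.
        "unexpected": [p for p in open_ports if p not in expected],
        # On your list but not reachable: a service is down or blocked.
        "missing": sorted(expected - set(open_ports)),
    }

def format_report(host, result):
    """Turn an audit result into a short human-readable report."""
    lines = [f"Host {host}: {len(result['open'])} open port(s) found"]
    for port in result["unexpected"]:
        lines.append(f"  UNEXPECTED open port {port}")
    for port in result["missing"]:
        lines.append(f"  expected port {port} is not reachable")
    if not result["unexpected"]:
        lines.append("  nothing exposed beyond what you expected")
    return "\n".join(lines)

if __name__ == "__main__":
    # Usage: python audit.py <your-own-address> [expected open ports...]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    allowed = [int(p) for p in sys.argv[2:]]
    print(format_report(target, audit_exposure(target, PORTS_TO_CHECK, allowed)))
```
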