WiFi Security

Recently we attended the cPanel conference in Hoston TX.  The event, like usual, was put on by a professional staff – and there is much we learned.   It is important to note however security did not seem to be a concern when it came to the networking side of things at the event.

The first day, as tweeted, the cPanel event lacked WiFi for the better 1/2 of the morning due to issues with the Hotel itself.  This rose to a number of rouge access points being setup, of which multiple persons logged into.   These access points were giving the SSID such as “Official cPanel Wifi”, “cPanel Wireless” and many more various flavors using the cPanel name.

We logged into one such interface and turned on my systems security just to see what would happen and sure enough – someone came knocking and trying to gain access to our file system.   The real fun part here is that virtually all of these fake access points were “point-to-point” connections and folks were hooking into someone’s laptop.

Next Year for 2010 – cPanel should think about setting up a captive Portal – one for which upon registration at the conference one is given their own user/pass to gain access to the network.   A simple x86 system running PFSense would do this in a heartbeat.   Through that system it would be wise to turn off netbios and other system-to-system traffic as well as redirect all port 2086 traffic to port 2087.    Sadly – many users at the event are green behind the ears when it comes to security and systems administration…

While it is important to note – cPanel did nothing wrong here – it is also important to note that cPanel in the future would be wise to setup the infrastructure to assist in protecting their more greener clients from the bad boys in the room.

Just on our Mac alone – we saw a ton of cPanel employee computers sitting in the connection bin via Bonjour , as was Softlayers, the Planet, Microsoft’s  and HostDimes.  Blocking these types of services would be a great start in ensuring the security of the cPanel users both seasoned and the newbies on the block.

As for our Macs – We run through ssh and proxy always