Thursday, January 28, 2010

Assignment 2: Question 4: Vulnerability scanners

Project 9.2 Using the Nessus Vulnerability Scanner


Assignment 2: Question 3: Wireless Security

Project 6.3 Spoof a MAC address using SMAC


Although we often rely on MAC address filtering to prevent unauthorised users from accessing a wireless LAN, MAC addresses can be easily spoofed. This project is on spoofing your own PC's MAC address.

Step: 1 Open a web browser and go to www.klcconsulting.net/smac. A web page will open up like the following-



Step: 2 Click to download Smac 2.0.

Step: 3 Under Evaluation edition, click Free. This will install the free version of the software.

Step: 4 Click Download Now and the download will begin.

Step: 5 When the file download dialog box appears, click Save and follow the instructions to save it in a place of your choice. After saving, click Run and follow the instructions to install the program.

Step: 6 Click Finish to launch the application and accept the licence agreement.

Step: 7 You'll be prompted for a registration ID.

Click Proceed and the application will start. SMAC discovers your network adapter card and displays it.

Step: 8 Click on the network adapter to change the MAC address.


Step: 9 Record the current MAC address under Active MAC, which in my case was 00-02-A5-55-79-C2.


Step: 10 Click the Random button to create a new MAC address.


Step: 11 Click the Update MAC button and then click Yes.


You will see that the active MAC address has been changed to the new one.


Step: 12 Reboot your computer.


Step: 13 Let's verify that the MAC address has been changed. Open a command prompt by clicking Start > Run, typing "cmd" and pressing Enter.


Step: 14 In the command prompt, type "ipconfig /all" and press Enter. The new MAC address will appear.


Step: 15 To re-enable your original MAC address, launch SMAC and click Remove MAC.


Make sure that the active MAC address is your original one.

Step: 16 Reboot your computer.

Case Project 6.3 Detecting a wireless access point

A rogue wireless access point is one of the most critical security concerns of IT managers today (Gier, 2003). Amongst all other wireless security concerns, few are as dangerous as a rogue wireless access point (Pacchiano, 2006).

There are many ways to track down a rogue wireless access point. One of the cheapest and most cost-effective ways is to track it down manually, which can be very time consuming, especially if you are doing it for a very large company. The following steps will take you through the process-

Step: 1 You need to install a wireless sniffing tool (e.g. NetStumbler or AirMagnet) on your laptop or PDA. I personally recommend NetStumbler as it is very good at detecting all wireless networks within a broadcast area and is free to download from the company's website http://www.netstumbler.com/downloads/

Step: 2 After installation you'll need to walk everywhere within your network and catch wireless signals.

Step: 3 The simplest way is to take the laptop (which is running NetStumbler) and walk in the direction that produces the greatest signal from a questionable access point.

Step: 4 Doing this, you'll soon be able to tell whether the signal is coming from within your building or from outside.

Step: 5 If it is coming from your building, keep doing what you've been doing, which means keep walking in the direction that gives a stronger signal.

Step: 6 You should be able to narrow down your search to a single room soon.

Step: 7 After that, you just have to search the room to discover the wireless access point.

How do you compare any discovered APs against those APs that are approved?

Very simple. Just compare the MAC addresses. If the discovered MAC address is not in the list, it has a high potential to be a rogue wireless access point. However, this is not always the case. For example, once a team of network experts were trying to set up a new access point in a small office. While the manager was trying to establish a connection between his laptop and the new access point, a DHCP server from a nearby office assigned an IP address to that system. Was that a rogue access point? Of course not. So, sometimes you'll also need to use common sense to help distinguish a non-threatening neighbouring access point from a serious threat, and trust me, this will save you plenty of headaches (Pacchiano, 2006).
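As an added example (not part of the original post or of NetStumbler), here is the allowlist comparison described above in code, with the post's "common sense" caveat about neighbouring access points expressed as a rule on SSID and signal strength. The survey lines, MAC addresses, SSIDs, approved list and the -60 dBm threshold are all constructed.

```python
from dataclasses import dataclass

@dataclass
class ObservedAP:
    bssid: str        # the access point's MAC address, as a survey tool reports it
    ssid: str
    signal_dbm: int   # closer to 0 is stronger, i.e. usually nearer the survey laptop

def normalise_mac(mac: str) -> str:
    """Canonical form so 00-02-A5-55-79-C2, 00:02:a5:55:79:c2 and 0002a55579c2 compare equal."""
    digits = "".join(ch for ch in mac if ch.isalnum()).upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_survey(lines):
    """Parse constructed survey lines of the form 'bssid, ssid, signal_dbm'."""
    aps = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        bssid, ssid, signal = (part.strip() for part in line.split(","))
        aps.append(ObservedAP(normalise_mac(bssid), ssid, int(signal)))
    return aps

def classify(observed, approved, our_ssids, strong_dbm=-60):
    """Allowlist comparison plus the post's 'common sense' rule for neighbouring APs."""
    approved_set = {normalise_mac(m) for m in approved}
    verdicts = {}
    for ap in observed:
        if ap.bssid in approved_set:
            verdicts[ap.bssid] = "approved"
        elif ap.ssid in our_ssids or ap.signal_dbm >= strong_dbm:
            # Unknown BSSID advertising our SSID, or a strong unknown signal: walk it down
            verdicts[ap.bssid] = "suspect-rogue"
        else:
            # Weak unknown signal with a foreign SSID: probably next door, confirm before escalating
            verdicts[ap.bssid] = "likely-neighbour"
    return verdicts

SURVEY = """# constructed sample survey, not a real NetStumbler capture
00:1A:2B:3C:4D:5E, CORP-WIFI, -48
00-1a-2b-3c-4d-5f, CORP-WIFI, -55
00-11-22-33-44-55, CafeGuest, -84
AA-BB-CC-DD-EE-FF, CORP-WIFI, -71
66-77-88-99-AA-BB, linksys, -40
""".splitlines()
APPROVED = ["00:1A:2B:3C:4D:5E", "00:1A:2B:3C:4D:5F"]   # constructed approved-AP list
def survey_verdicts():
    return classify(parse_survey(SURVEY), APPROVED, {"CORP-WIFI"})
```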

References:

1. Gier, Jim. (January 6, 2003). Identifying rogue access point. Retrieved January 29, 2010 from http://www.wi-fiplanet.com/tutorials/article.php/1564431

2. Pacchiano, Ronald. (March 10, 2006). How to track down rogue wireless access points. Retrieved January 29, 2010 from http://www.smallbusinesscomputing.com/webmaster/article.php/3590656


Assignment 2: Question 2: Cryptography

Project 11-1: Installing hash generators and comparing hashes


This project works with different hash generators. The main aim is to download and use different hash generators and compare their values.

Step: 1 Open up a web browser, type "md5deep.sourceforge.net" in the address bar and press Enter. This will take you to a web page that looks like this-



Step: 2 Click to download "md5deep".

Step: 3 Now, click on Windows binary and download the latest version of the program.

Step: 4 Go to the folder where you've downloaded these files, right click on the archive and select "Extract All". You'll need WinRAR or WinZip installed on your computer for this purpose. If you don't have one already, search for WinZip or WinRAR on Google and download either of them.

Step: 5 Now go to the folder where you've extracted all the files. Create a Microsoft Word document with this content- "Now is the time for all good men to come to the aid of their country." The document should look like this-



Step: 6 Now save the document as "Country1.docx" in the same directory that contains the extracted files and then close the document.




Step: 7 Now go to Start > Run, type "cmd" and press Enter. This will open up a command prompt.

Step: 8 Navigate to the location of the downloaded folder. To navigate, type in "cd c:\md5deep". You will see that you've successfully navigated to that folder. Please be careful, as you may have to type a different path instead of "c:\md5deep" if you've extracted those files in a different location.

Step: 9 Enter "MD5DEEP Country1.docx" to start the application.

In my case, I found this one wasn't working. After going through the directory with the "dir" command, I came to understand that the file name needs the extension as well. So, I used this command instead- "md5deep.exe Country1.docx.rtf". This worked fine for me.

The application successfully started and produced an MD5 hash of Country1.docx, which is shown in the picture below-



The length of this hash is 128 bits (Wikipedia, n.d.).

Step: 10 Now enter "MD5DEEP MD5DEEP.TXT" to start the application and create an MD5 hash of the accompanying document called "md5deep.txt".

Again, I found this was wrong and used this command instead- "md5deep.exe md5deep.txt". It generated a different hash for this document, which looked like this-



The length of this hash is 128 bits (Wikipedia, n.d.).

When you compare the two different hashes that have been generated by the MD5 hash generator, the ones for "Country1.docx" and "md5deep.txt" have the same length, which is obvious, but the generated hashes were different.

MD5 is a strong hash generator, with 128 bits, which means it is very hard to crack, although not impossible. An "MD5 rainbow table", which is easily accessible online by anyone, can be used to reverse many MD5 hashes back into strings.

Step: 11 Now, go back and open "Country1.docx".

Step: 12 Remove the period (.) at the end of the sentence. The document should now look like this, with no period at the end-


Save the document as "Country2.docx" in the same folder.

Step: 13 Now in the command prompt enter "MD5DEEP Country2.docx" so that the application starts and creates a hash for that document.

Again, I found this was wrong and used this command instead- "md5deep.exe Country2.docx.rtf". It generated a different hash for this document, which looked like this-


We can see from those generated hashes that, by only removing a period, the hash that is generated is new and completely different from the other one (Country1.docx). This again shows how strong the MD5 hash is.

Step: 14 Now let's return to the command prompt and perform the same comparison of "Country1.docx" and "Country2.docx" using "sha1deep.exe" (SHA-1), "sha256deep.exe" (SHA-256) and "whirlpooldeep.exe" (Whirlpool). The results are given below as pictures.


The lengths of the hashes are as below-
sha1deep (SHA-1): 160 bits long for both documents.
sha256deep (SHA-256): 256 bits long for both documents.
whirlpooldeep (Whirlpool): 512 bits long for both documents.

The differences between these hash algorithms can be told from their lengths. The more bits a hash algorithm uses, the stronger it is, as the algorithm is harder to crack. So, according to that, Whirlpool is the strongest, then comes SHA-256, after that SHA-1, and finally the weakest amongst these is the MD5 algorithm.
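As an added example rather than output from md5deep, the following hashes the sentence text of Country1 and Country2 (not the Word files, so the digests differ from the screenshots) with the same four algorithms used in steps 9 to 14, and reports each digest's length in bits and how many bits changed when the period was removed. Algorithm names are Python's hashlib names; Whirlpool is assumed to be available only if the local OpenSSL build provides it.

```python
import hashlib

SENTENCE = "Now is the time for all good men to come to the aid of their country."
COUNTRY1 = SENTENCE.encode("utf-8")                 # the text typed into Country1.docx
COUNTRY2 = SENTENCE.rstrip(".").encode("utf-8")     # Country2.docx: same sentence, period removed

# The four *deep tools from step 14 and the matching hashlib names. Whirlpool is only
# available when the underlying OpenSSL build provides it, so it is looked up at run time.
TOOLS = {"md5deep": "md5", "sha1deep": "sha1", "sha256deep": "sha256", "whirlpooldeep": "whirlpool"}

def digest_hex(algorithm: str, data: bytes) -> str:
    return hashlib.new(algorithm, data).hexdigest()

def digest_bits(hexdigest: str) -> int:
    """Digest length in bits: each hex character encodes four bits."""
    return len(hexdigest) * 4

def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two same-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def compare(algorithm: str) -> dict:
    """Hash both documents with one algorithm and measure how much the digest changed."""
    h1, h2 = digest_hex(algorithm, COUNTRY1), digest_hex(algorithm, COUNTRY2)
    return {"bits": digest_bits(h1), "different": h1 != h2,
            "bits_changed": differing_bits(h1, h2), "country1": h1, "country2": h2}

def compare_all() -> dict:
    """Run the comparison for every tool whose algorithm this Python build supports."""
    results = {}
    for tool, algorithm in TOOLS.items():
        try:
            results[tool] = compare(algorithm)
        except ValueError:        # raised by hashlib.new for an unsupported algorithm name
            continue
    return results

if __name__ == "__main__":
    for tool, r in compare_all().items():
        print(f"{tool:14s} {r['bits']:4d} bits  changed {r['bits_changed']:3d} bits  {r['country1']}")
```

Roughly half of the bits change for every algorithm, which is the avalanche property that removing the period demonstrates. Digest length is only one strength factor: MD5's known weakness is practical collision attacks, not its 128-bit output size.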


Step: 15 Exit from the command prompt.

Case Project 11.1 Uses of hashes


Besides ATMs and passwords, hashes have many other uses. Three examples are given below with a short description of each-

In databases: Hashes are used in databases for easy grouping. SQL (Structured Query Language), a very well known query language, uses hash-based techniques for its grouping and aggregation system (freepatentsonline, n.d.).

In producing a hash or checksum for data: Using a specified algorithm, hash functions can be used to produce a hash or checksum of data. The value returned, which is of a small size type, usually a counter, is fairly unique to the given data. The hash value is used to compare large data fields: if the hash values are the same, it means the data values are identical. Thus, a hash replaces a large number of very long strings with much faster counters (thunderstone.com, n.d.).

In Cisco routers: Cisco uses the MD5 hash algorithm in its routers, which includes release description, file size, BSD checksum, router checksum, etc. While routing data, Cisco routers check the hash value of the data to make routing decisions (Cisco, n.d.).

I can use hash algorithms to store all my passwords in a document. This document can be used if I forget any of my passwords, but at the same time it is quite secure as I have used hash technology to convert the data, so without the key no one can access it.


References:
1. http://en.wikipedia.org/wiki/MD5

2. http://forums.whirlpool.net.au/forum-replies-archive.cfm/1050625.html

3. http://en.wikipedia.org/wiki/SHA_hash_functions

4. http://en.wikipedia.org/wiki/Whirlpool_(cryptography)

5. http://www.freepatentsonline.com/5511190.html

6. http://www.thunderstone.com/site/vortexman/hash.html

7. https://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_md5_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1054101

Assignment 2: Question 1: Wireshark

Project 4.1 Using the Wireshark Protocol Analyzer.


Protocol analyzers, which are also called sniffers, capture packets to decode and analyze their contents. In this project we will download and use the Wireshark analyzer to decode our own packets.


Step: 1 Open your web browser and type http://www.wireshark.org/ in the address bar. The Wireshark download web page will open, which looks like this-



Step: 2 Click and download Wireshark.

Step: 3 Under Windows 2000/XP/2003/Vista Installer (.exe) click SourceForge.net.

Step: 4 A file download dialog box will appear. Click Save and follow the instructions to save the file in a location of your choice. When saving is done, run the installation program and follow the instructions to install the program.

Step: 5 When the installation is complete, launch Wireshark by clicking Start > All Programs > Wireshark > Wireshark.

Step: 6 Below Capture on Interface you will see your Ethernet adapter. Click on it to start capturing.


Step: 7 Depending on your network's traffic you will begin to see packets being captured.



Now, let's generate some traffic. Go to Start > Run, type "cmd" and press Enter.



The command prompt will open.




At the command prompt, type "ftp server1". The command will be accepted and the window will look like this-


Packets will appear in Wireshark.




Type quit and press Enter to return to the command prompt. In my case, I've used Ctrl+C to return to the command prompt.

Click Exit.


Step: 8 Now, let's check whether Wireshark can pick up passwords or not. Open a web browser and go to www.bluehost.com/cgi-bin/uftp/. A web page will open up which looks like this-



Step: 9 Enter Gerald as username and happy as password.


You will get an error message that says "login failed".

Step: 10 Return to the Wireshark window and click on Edit > Find Packet.


Step: 11 Click String.


Step: 12 Under Filter: Enter Gerald.




Step: 13 Click Find.


Step: 14 According to the project, at the bottom of the screen I should have seen the username and the password which were entered just a few minutes ago.


But in my case, after trying several times, I only got this message every time, which is because of the solid encryption protection that my D-Link wireless modem/router is using. Wireshark couldn't decrypt the encrypted data. This is the only way you can stop Wireshark from capturing sensitive data: by encryption.



Step: 15 Close all windows and do not save any data.

What's happening in steps 7-8?

In steps 7-8 Wireshark is capturing all the packets within the network to decode and analyze their content.

How can you prevent Wireshark from capturing this data?

The only method to prevent Wireshark from getting sensitive data is to encode the data that is being sent in a manner that an outsider cannot decode. In other words, "encryption".
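As an added example (not from the original post), here is the detection side of the two questions above: given captured packets, report the ones in which a credential crossed the wire in cleartext, the way Wireshark's string search located "Gerald", and show that an encrypted payload yields nothing. The packets, addresses, ports and the example.com host are constructed, and findings record only where and in which field, never the secret itself.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    dst_port: int
    payload: bytes

# Constructed packets, not a real capture. The first three mirror what the post generated:
# an FTP login on port 21 and a web form login on port 80; the fourth is the start of a
# TLS handshake, i.e. what the same form login looks like when the site uses HTTPS.
CAPTURE = [
    Packet("10.0.0.5", "10.0.0.20", 21, b"USER gerald\r\n"),
    Packet("10.0.0.5", "10.0.0.20", 21, b"PASS happy\r\n"),
    Packet("10.0.0.5", "203.0.113.7", 80,
           b"POST /cgi-bin/uftp/ HTTP/1.1\r\nHost: www.example.com\r\n\r\nuser=Gerald&pass=happy"),
    Packet("10.0.0.5", "203.0.113.7", 443, bytes.fromhex("16030100a5010000a10303")),
]

FTP_PASS = re.compile(rb"^PASS\s+\S+", re.IGNORECASE | re.MULTILINE)
FORM_SECRET = re.compile(rb"(?:^|[&?])(pass(?:word|wd)?|pwd)=[^&\s]+", re.IGNORECASE)

def is_printable(payload: bytes) -> bool:
    """True if a sniffer could read the payload as text; ciphertext fails this test."""
    return all(32 <= b < 127 or b in (9, 10, 13) for b in payload)

def find_cleartext_credentials(packets):
    """One finding per packet that carries a credential readable by anyone on the path.
    Findings record where and in which field, never the secret itself."""
    findings = []
    for p in packets:
        if not is_printable(p.payload):
            continue                      # encrypted or binary: nothing to read
        if p.dst_port == 21 and FTP_PASS.search(p.payload):
            findings.append({"src": p.src, "dst": p.dst, "protocol": "ftp", "field": "PASS"})
        elif p.dst_port == 80:
            m = FORM_SECRET.search(p.payload)
            if m:
                findings.append({"src": p.src, "dst": p.dst, "protocol": "http",
                                 "field": m.group(1).decode("ascii")})
    return findings

if __name__ == "__main__":
    for f in find_cleartext_credentials(CAPTURE):
        print(f"cleartext {f['protocol']} credential ({f['field']}) from {f['src']} to {f['dst']}")
```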

Friday, December 25, 2009

Assignment 1: Question 4: Anti-virus software

This post is for testing the anti-virus software you are using. eicar.com is a virus test file with which you can test the strength of your anti-virus software. To perform the test you need to have anti-virus software installed on your computer.

Step: 1|| Check the antivirus settings on your computer. Click Start > Control Panel > Security > Security Center.

Step: 2|| The virus protection setting should be on. If not, turn it on.

Step: 3|| Close all windows.

Step: 4|| Open your web browser and type in http://www.eicar.org/anti_virus_test_file.htm#


Step: 5|| Read all the information carefully before proceeding further.

Step: 6|| Click eicar.com, which contains a fake virus. Wait to see what happens.

In my case, Norton Antivirus detected the virus and stopped it from downloading.

Step: 7|| Now click eicar_com.zip. The file contains a fake virus in a compressed (.zip) file.

In my case, a WinRAR browser opens up which looks like this.

Step: 8-12|| These steps are unnecessary in my case, as my Norton Antivirus stopped me from opening the content and showed this message.

Step: 13|| Return to the web site and this time click eicarcom2.zip. This is a double compressed zip file with a fake virus.

A WinRAR browser opens up.

Step: 14-19|| Double click on eicar_com.zip from the WinRAR browser. It opens up another browser.

Double click on eicar.com. My Norton Antivirus software protects me from the virus and shows this message.
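As an added example, not code from the post or from EICAR, here is the unpack-and-match logic an anti-virus engine needs to pass steps 6, 7 and 13: the same test content plain, zipped, and zipped twice. The signature is a constructed stand-in (the real EICAR string is deliberately not reproduced), and the nesting-depth and member-size limits are assumptions chosen for the example.

```python
import io
import zipfile

# Constructed stand-in for a detection signature. The real EICAR test string is deliberately
# not reproduced here; any byte pattern works to demonstrate the unpacking logic.
TEST_SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-NOT-EICAR"
MAX_DEPTH = 4          # assumed limit on nested archives (protects against zip bombs)
MAX_MEMBER = 1 << 20   # assumed limit: refuse to inflate members larger than 1 MiB

def scan_bytes(data: bytes, name: str, depth: int = 0) -> list:
    """Return the paths at which the signature was found, descending into zip archives.
    Archives themselves are not matched; their members are, so a single match is reported
    once under its full path (e.g. outer.zip/inner.zip/file)."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_DEPTH:
            return []                                   # too deeply nested; treat as unscannable
        hits = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.infolist():
                if member.is_dir() or member.file_size > MAX_MEMBER:
                    continue
                hits.extend(scan_bytes(zf.read(member), f"{name}/{member.filename}", depth + 1))
        return hits
    return [name] if TEST_SIGNATURE in data else []

def make_zip(entries: dict) -> bytes:
    """Build an in-memory zip from {filename: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in entries.items():
            zf.writestr(fname, content)
    return buf.getvalue()

def build_samples() -> dict:
    """The three shapes the post downloads (plain, zipped, zipped twice) plus a clean archive."""
    plain = TEST_SIGNATURE + b"\r\n"
    single = make_zip({"eicar.com": plain})
    double = make_zip({"eicar_com.zip": single})
    return {"eicar.com": plain, "eicar_com.zip": single, "eicarcom2.zip": double,
            "clean.zip": make_zip({"readme.txt": b"nothing to see here"})}

def scan_samples() -> dict:
    return {name: scan_bytes(data, name) for name, data in build_samples().items()}

if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name:14s} -> {hits or 'clean'}")
```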