Nov 03 2011

BackTrack 5 Wireless Penetration Testing Beginner’s Guide
Sunday, October 23, 2011
Contributed By: Dan Dieterle

If you want an easy-to-follow, step-by-step guide to analyzing and testing Wi-Fi security, look no further than Vivek Ramachandran’s “Backtrack 5 Wireless Penetration Testing Beginner’s Guide”.
The author masterfully guides you on a path from the basic principles of Wi-Fi to advanced monitoring and attacks.

Vivek starts you out by preparing your wireless lab: installing Backtrack 5 and configuring your wireless cards and access point.

Then after a brief overview of wireless frames, you get to work right away by sniffing traffic with Wireshark so you can see what these frames actually look like.

But that is just the beginning.

The author then takes you on a step-by-step journey through the most common attacks used against WLANs.

This includes everything from bypassing authentication & cracking encryption, to advanced techniques like man-in-the-middle attacks and attacking WPA-Enterprise.

He then finishes the book by discussing wireless penetration testing methodology, testing and reporting.

It has been a while since I have seen a book like this. You will learn step by step, command by command, using the ever popular penetration testing platform Backtrack 5.

Each chapter builds on what you have learned in the previous. The text is very clear to follow and the pictures perfectly display and clarify the techniques you are learning.

For best results, you should have at least a basic knowledge of Linux or Backtrack 5 and Wi-Fi.

If you are interested in computer security, and want to learn how wireless networks are attacked and how to defend against those attacks, then look no further. I highly recommend this book.

* I had the absolute honor of working on this project as a technical editor for Packt Publishing. Vivek is an exceptional person with a deep passion for sharing his knowledge of IT security.

He was one of the winners of Microsoft’s Security Shootout contest in India, worked at Cisco as an Engineer, founded SecurityTube.net, discovered the wireless “Caffe Latte Attack” and presented at numerous security conferences including Blackhat, Defcon and Toorcon.

Direct Link: https://www.infosecisland.com/blogview/17132-BackTrack-5-Wireless-Penetration-Testing-Beginners-Guide.html

Nov 03 2011

Getting Your Hands Dirty In the Fight on Malware, Part 2
By Wade Williamson on October 17, 2011

Analyzing Outbound and Inbound Traffic, and Network Segmentation Can Help Protect Your Network, Even After It Has Been Compromised.

In my previous column I took a long look at modern malware with a focus on how to prevent malware from getting into your network in the first place. In case you missed it, you can read it here.

While we all probably agree that prevention is the best medicine, it’s also foolhardy to believe that prevention alone will be enough to protect us. Whether coming from a non-network source such as a USB drive or simply from a clever attacker who finds a weakness, we have to assume that eventually our networks will be compromised if they haven’t already.

That statement alone is enough to make many security professionals (and their management) a bit prickly, which is certainly understandable. We commit precious time, money and professional effort to defend against threats, and simply presuming that our defenses have been compromised can feel like all that work has been for naught. This is not the case at all.

Assuming that we aren’t compromised just plays into the attackers’ hands. What we need is to extend the security we have to bring protection to the soft parts of our network that attackers are targeting. Malware and targeted attacks rely on the assumption that if they can get inside the perimeter, they can build a foothold and dig deeper with less worry of detection. But just because someone is able to break into a bank doesn’t mean that we should just let them walk out with the money. So in that spirit, let’s pick up where we left off and take a look at some of the practical tools and techniques that we can use to identify and stop live malware infections in our networks.

Looking Inward

Traditional enterprise networks have often been described as “hard, crunchy shells with soft, gooey centers”. This refers to the tendency for the external perimeter to be heavily fortified against outside threats, while internal users, traffic and assets tend to be trusted. Attackers have used malware to crack this model and shift the security battle to the inside of the network, where security measures are sparse.

While this has been a recognized problem for quite some time, we are finally beginning to see new proposed security architectures that address it. Analysts such as Forrester’s John Kindervag have begun to push the notion of the “Zero-Trust Network” (video), where all traffic, including internal traffic, is passed through a “segmentation gateway” for analysis. And although many of us may not be able to adopt such a consistently segmented model overnight, there are practical steps that almost any enterprise can take today.

The first step is to expand our best threat and application analysis to include outbound traffic as well as inbound traffic. Ongoing command and control traffic is the lifeblood of modern malware, and the initial infection is only the first step in an intrusion that will likely cross our perimeter many times. Given that the malware traffic is flowing in both directions, our defenses should certainly be looking in both directions as well.

Secondly, we should begin segmenting the internal network. A flat, un-segmented network is the hacker’s delight – if you own one machine, you can own the entire network. The network and assets can often be segmented on the basis of application, user and content types. For example, a policy could dictate that only finance managers are allowed to access the database that houses financial data, and only over SQL, while all other traffic is denied by default. This not only segments the network based on need, but the logs of blocked connections can also indicate when someone is trying to get into sensitive assets. And while this is an admittedly simple example, the general process of understanding who needs access to what information, and what application they should use to access it, can be applied to virtually any environment.

Another option is to begin segmenting assets that attackers commonly target for escalation, such as domain controllers, email servers or any asset where user identity is managed. These are common targets once an attacker is inside the network because they can allow the attacker to escalate from a low-profile user identity, with relatively few network rights, to a far more powerful user role such as a network admin. Unlike our earlier example, the goal here is not to deny access (people need their email), but rather to establish highly granular logging and reporting to identify an intruder that may be skulking around. For example, ping sweeps, an unusual spike in failed login attempts, or newly created admin accounts should be cause for alarm.
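As an added example (not from the column), here is a small Python pass over constructed segmentation-gateway and authentication log lines that raises the alerts the previous two paragraphs describe: repeated blocked connections to the finance database, a ping sweep, a burst of failed logins, and a new account placed straight into an admin group. The log format, addresses, group names, field names and thresholds are all assumptions.

```python
from collections import Counter, defaultdict

FINANCE_DB = "10.1.9.50"                      # assumed address of the finance database
ADMIN_GROUPS = {"Domain_Admins", "Enterprise_Admins"}

# Constructed gateway/auth log lines in an assumed "<time> key=value ..." format.
LOG_LINES = (
    # one internal host pinging its way across the finance subnet
    [f"10:00:{i:02d} src=10.1.5.20 dst=10.1.9.{i} proto=icmp action=allow" for i in range(1, 13)]
    # the same host repeatedly blocked by the deny-by-default rule on the finance DB
    + [f"10:01:{i:02d} src=10.1.5.20 dst={FINANCE_DB} proto=tcp dport=1433 action=deny" for i in range(3)]
    # a legitimate finance manager using SQL, which the policy allows
    + [f"10:02:00 src=10.1.7.8 dst={FINANCE_DB} proto=tcp dport=1433 action=allow user=fin.manager"]
    # a burst of failed logins against the domain controller
    + [f"10:03:{i:02d} src=10.1.5.20 dst=10.1.9.1 event=login_failed user=svc{i}" for i in range(6)]
    # a new account created directly in an admin group
    + ["10:04:00 src=10.1.5.20 dst=10.1.9.1 event=account_created user=backup2 group=Domain_Admins by=svc3"]
)

def parse(line):
    """Split '<time> k=v k=v ...' into a dict; values contain no spaces in this format."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = ts
    return fields

def detect(lines, sweep_hosts=8, fail_limit=5, deny_limit=3):
    """Return (kind, source, detail) alerts for the indicators the column names."""
    icmp_targets = defaultdict(set)   # src -> distinct ICMP destinations
    failed = Counter()                # src -> failed login count
    denied = Counter()                # src -> denied connections to the finance DB
    alerts = []
    for e in map(parse, lines):
        if e.get("proto") == "icmp":
            icmp_targets[e["src"]].add(e["dst"])
        elif e.get("action") == "deny" and e.get("dst") == FINANCE_DB:
            denied[e["src"]] += 1
        elif e.get("event") == "login_failed":
            failed[e["src"]] += 1
        elif e.get("event") == "account_created" and e.get("group") in ADMIN_GROUPS:
            alerts.append(("new_admin_account", e["src"], f"{e['user']} by {e['by']}"))
    alerts += [("ping_sweep", s, len(t)) for s, t in icmp_targets.items() if len(t) >= sweep_hosts]
    alerts += [("db_probe", s, n) for s, n in denied.items() if n >= deny_limit]
    alerts += [("login_failures", s, n) for s, n in failed.items() if n >= fail_limit]
    return alerts

if __name__ == "__main__":
    for kind, src, detail in detect(LOG_LINES):
        print(f"{kind:18} {src:12} {detail}")
```

The allowed finance-manager connection produces no alert, which is the point of pairing a deny-by-default rule with logging: only the traffic that violates the segmentation policy, or the identity events that matter, reach the analyst.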

The end goal is to make our networks less flat with better internal controls so that we can get rid of that soft gooey center.

In my next piece, I will cover off on what to look for, now that we are looking in the right places, and how we can often detect telltale signs of malware infections.

Direct Link: http://www.securityweek.com/getting-your-hands-dirty-fight-malware-part-2