

LINUX DISTRIBUTIONS

The best known are the BackTrack releases (3 and 4); I will use BackTrack 4. Other distributions are WifiWay and Wifislax. Each of them specialises in auditing wireless networks and ships with many programs, for example:

- airodump (airodump-ng) - wireless network scanner
- aircrack (aircrack-ng) - used to crack WEP keys
- wireshark - network traffic analyser

These are just three examples of programs found in such distributions. You may ask how this works and how an attacker can use it to penetrate your wireless network. First we need to download BackTrack 4 from http://www.backtrack-linux.org/ (this is the link where you can download any BackTrack release you wish; try the live CD). You can also install BackTrack inside a virtual machine such as VMware; http://www.vmware.com/ is the official VMware site, where you download VMware Workstation 7, which you can use free for 30 days if you register (registration is free). I will put a video on YouTube about how to run BackTrack 4 in VMware; it is very simple to do. The first YouTube video shows how an attacker cracks a wireless network protected with a WEP key. The second video shows how to run BackTrack 4 in VMware; it is very simple.

SNIFFING PROGRAMS

Once inside the network, the attacker can use sniffing programs such as Cain & Abel or Wireshark to watch the traffic on the network, with the final goal of stealing your passwords. For now I will present only these two programs.

Cain & Abel is a complex program that has both a sniffing tool and a password-cracking tool. The basic idea of traffic interception is that the attacker places himself between the router and the attacked PC, so that the traffic passes to the attacker's PC first and only then goes on to the router. On a LAN this is done by ARP poisoning: the attacker answers ARP requests for the router's IP address with his own MAC address. I will put up a video on this program. One more thing: I use this program under Windows.

Wireshark is much the same type of tool as the first one, but with it you will have to work through a huge amount of data. It comes with BackTrack 4 but can also be used under Windows.

WHAT CAN WE DO?

As you can see, the tools hackers use are diverse and complex, and what I illustrated above is only a small part of the many ways in which we can be attacked. I think we should take more interest in everything around us, and especially in wireless technology, because I believe wireless is the future of data transmission and reception. How can we defend against these attacks? I have some advice:

- If your wireless router protects access with a WEP key, change it to WPA2 (or WPA if the router does not support WPA2), and choose a passphrase that is not a dictionary word or something guessable such as a phone number.
- Check whether PCs you do not recognise are connected to your network.
- If you connect through a public network, keep in mind that someone may be spying on you and can see the passwords you type, so do not enter important passwords (such as your PayPal password).
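The two checks above that can actually be automated are "is there a PC on my network that I do not recognise?" and "has someone placed himself between my PC and the router?" (the ARP trick Cain & Abel uses in the sniffing section). The script below is an added example, not code from the blog or from Cain & Abel: it walks a constructed list of ARP replies as a passive sniffer on the LAN would see them, reports MAC addresses missing from a hypothetical allowlist, and reports any IP address that is suddenly answered for by a second MAC, which is the visible trace of ARP poisoning. The addresses, the KNOWN allowlist and the GATEWAY_IP value are all assumptions made for the example.

```python
"""Passive ARP audit: report hosts not on an allowlist and IP-to-MAC changes,
the visible trace of the router-impersonation (ARP poisoning) trick."""

# Constructed ARP-reply observations (second, sender IP, sender MAC) as a passive
# sniffer on the LAN would record them; not a real capture.
OBSERVED = [
    (0, "192.168.1.1", "00:11:22:33:44:55"),    # the router announces its own address
    (1, "192.168.1.20", "AA:BB:CC:DD:EE:01"),   # our laptop
    (2, "192.168.1.37", "de:ad:be:ef:00:01"),   # a host we do not recognise
    (5, "192.168.1.1", "de:ad:be:ef:00:01"),    # that host now claims the router's IP
    (6, "192.168.1.1", "de:ad:be:ef:00:01"),    # and keeps repeating the claim
]
# Hypothetical allowlist of hardware addresses we know belong to us.
KNOWN = {"00:11:22:33:44:55": "router", "aa:bb:cc:dd:ee:01": "laptop"}
GATEWAY_IP = "192.168.1.1"   # assumed address of the router


def audit_arp(observations, known, gateway_ip):
    """Return (kind, second, ip, detail) alerts in the order the evidence appeared."""
    bindings = {}          # ip -> MAC currently believed to own it
    reported = set()       # unknown MACs already reported once
    alerts = []
    for sec, ip, mac in observations:
        mac = mac.lower()  # normalise so case differences do not defeat the allowlist
        if mac not in known and mac not in reported:
            reported.add(mac)
            alerts.append(("unknown-host", sec, ip, mac))
        owner = bindings.setdefault(ip, mac)
        if owner != mac:
            # A second MAC answering for an IP is the signature of ARP poisoning;
            # when the IP is the gateway, traffic is being routed through that MAC.
            kind = "gateway-mac-changed" if ip == gateway_ip else "ip-mac-conflict"
            alerts.append((kind, sec, ip, f"{owner} -> {mac}"))
            bindings[ip] = mac   # follow the new claimant; a flip back will alert again
    return alerts


if __name__ == "__main__":
    for alert in audit_arp(OBSERVED, KNOWN, GATEWAY_IP):
        print(*alert)
```

The allowlist check on its own is weak, because an attacker can clone a MAC address he has sniffed; the IP-to-MAC conflict check catches the impersonation itself, whatever address the attacker uses. On a real host the observations would come from a packet capture or from the neighbour table (`arp -a` on Windows, `ip neigh` on Linux) instead of the constructed list.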

Monday, March 1, 2010

Counterintelligence: Wireless IDS Systems

"Assess opponents' conditions, observe what they do, and you can find out their plans and measures."

Intrusion detection systems (IDSs) are divided into two major categories: signature-based and knowledge-based.

Signature-based IDSs are the most common and the easiest to implement, but they are also the easiest to bypass and lack the capability to detect novel attacks. These IDSs compare events on the network against signs of known attacks, called attack signatures. If a hacking tool is modified to alter some part of its attack signature, the attack is likely to go unnoticed. Besides, the attack signature database has to be well secured and frequently updated.

Knowledge-based IDSs monitor the network, collect statistics about standard network behavior, detect possible deviations, and flag them as suspicious. For these reasons, knowledge-based IDSs are also called behavior-based or statistical. Proper network baselining is essential for efficient statistical IDS operations. Although knowledge-based IDSs are not easily fooled, their main problems are false positives and difficulties detecting some covert channel communications. The possibility of false-alarm generation is particularly worrisome on wireless networks due to the unreliable nature of the Layer 1 medium. Also, attacks launched at the early stage of the baselining period can severely interfere with the IDS learning process, making deployment of a knowledge-based IDS on a production network a somewhat risky task. What if the "normal" behavior of the network is already altered by a cracker at the moment of IDS deployment?

We believe that a proper wireless IDS should belong to both categories simultaneously. Few wireless attack tools have specific attack signatures, as discussed in this chapter. The signatures that do exist can be matched against the database of known attack traces to trigger the alarm. However, many wireless attacks do not generate specific signatures, but instead cause a deviation from standard network operation on the lower network layers. This deviation can be as subtle as a few wireless frames arriving out of sequence or as straightforward as tripled bandwidth consumption on the WLAN. Detecting wireless network behavior abnormalities is not an easy task, because no two wireless networks are the same. A similar principle applies to wired LANs, but wired networks do not suffer from radio interference, signal refraction, reflection, and scattering issues. They do not have roaming users, and they do not stretch CAT 5 cables out of the office window to give access to potential attackers on the street. Thus, the key to efficient intrusion detection on WLANs is detailed network baselining over a significant period of time.

Only by collecting a large number of statistics about the particular WLAN's behavior is it possible to determine what constitutes abnormal behavior and what doesn't, and to distinguish connectivity problems, user errors, and malicious attacks. Multiple 802.1X/LEAP authentication requests might constitute a brute-forcing attempt. At the same time, it could be a user guessing his or her forgotten password, or a badly written supplicant application that attempts to log in until the correct password is entered. An increased number of beacon frames per second might signal a DoS attack or the presence of a rogue access point, but it could also be a faulty or misconfigured access point. Higher-layer IDS alarm-triggering events, such as a large number of fragmented packets or abundant TCP SYN requests, can indicate a possible portscan or DoS attack, but might also be the result of a Layer 1 connectivity problem on a WLAN. Fire up Ethereal or a similar protocol analyzer on a wireless interface and subject the network to a high level of RF interference; you will see all kinds of damaged and incomplete packets identified as various obscure protocols by your sniffer (Banyan Vines, anyone?). It is not surprising that some of these malformed packets can accidentally trigger an IDS alarm. After some investigation, the "evil cracker" can turn out to be a Bluetooth dongle or a microwave oven creating RF interference in the network area.
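The hybrid design argued for above (a signature match where one exists, a statistical envelope where one does not, and a baseline learned over time) is easier to judge in code. The script below is an added example, not code from this chapter or from any IDS product. It runs over constructed per-second frame summaries rather than a real capture, learns a per-BSSID baseline for beacon and authentication-request rates with median and MAD instead of mean and standard deviation (so that an attack already under way during the learning period cannot quietly raise "normal"), raises a signature alert for a deauthentication burst, and flags every statistical alert that coincides with a flood of bad-FCS frames, which is the interference case the paragraph warns about. The BSSID names, thresholds (k, deauth_per_sec, noise_per_sec) and the 20-second learning window are assumptions chosen for the example.

```python
"""Hybrid wireless IDS sketch: a signature check plus a statistical baseline over
per-second 802.11 management-frame counts, with a flag for RF-interference noise."""
from collections import Counter, defaultdict
from statistics import median

MONITORED = ("beacon", "auth")   # frame kinds that get a per-BSSID statistical baseline


def constructed_frames():
    """Constructed frame summaries (second, kind, bssid, fcs_ok); not a real capture."""
    frames = []
    for sec in range(30):
        frames += [(sec, "beacon", "AP1", True)] * 10     # steady 10 beacons/s from our AP
        if sec % 5 == 0:
            frames.append((sec, "auth", "AP1", True))     # an occasional legitimate login
    frames += [(22, "beacon", "AP2", True)] * 10          # BSSID never seen while learning
    frames += [(25, "beacon", "AP1", True)] * 20          # beacon rate triples
    frames += [(27, "deauth", "AP1", True)] * 40          # burst of deauthentication frames
    frames += [(28, "auth", "AP1", True)] * 25            # burst of authentication requests
    frames += [(29, "beacon", "AP1", True)] * 20          # another beacon burst that ...
    frames += [(29, "data", "AP1", False)] * 50           # ... coincides with 50 corrupt frames
    return frames


def build_baseline(frames, baseline_seconds):
    """Median and MAD of per-second counts for each (bssid, kind) seen while learning.
    Only frames with a good FCS are counted, and median/MAD are used instead of
    mean/stddev so a burst that happens during learning cannot drag 'normal' up."""
    per_sec = defaultdict(Counter)
    for sec, kind, bssid, fcs_ok in frames:
        if sec < baseline_seconds and fcs_ok and kind in MONITORED:
            per_sec[(bssid, kind)][sec] += 1
    baseline = {}
    for key, counts in per_sec.items():
        series = [counts.get(s, 0) for s in range(baseline_seconds)]
        med = median(series)
        mad = median(abs(x - med) for x in series) or 1.0   # floor the scale at 1 frame/s
        baseline[key] = (med, mad)
    return baseline


def analyse(frames, baseline_seconds=20, k=5.0, deauth_per_sec=20, noise_per_sec=20):
    """Return alert dicts for the frames after the baseline period, sorted by time."""
    baseline = build_baseline(frames, baseline_seconds)
    known = {bssid for bssid, _ in baseline}
    counts = defaultdict(Counter)   # (bssid, kind) -> second -> good-FCS frames
    deauth = Counter()              # (bssid, second) -> deauth frames
    bad_fcs = Counter()             # second -> corrupt frames, the interference indicator
    for sec, kind, bssid, fcs_ok in frames:
        if sec < baseline_seconds:
            continue
        if not fcs_ok:
            bad_fcs[sec] += 1
        elif kind == "deauth":
            deauth[(bssid, sec)] += 1
        elif kind in MONITORED:
            counts[(bssid, kind)][sec] += 1

    alerts = []
    # Signature side: a deauth burst is a known DoS trace and needs no baseline.
    for (bssid, sec), n in deauth.items():
        if n >= deauth_per_sec:
            alerts.append(dict(cls="signature", name="deauth-flood", bssid=bssid,
                               second=sec, count=n, noisy=bad_fcs[sec] >= noise_per_sec))
    # Statistical side: a BSSID never baselined, or a per-second count outside the envelope.
    flagged = set()
    for (bssid, kind), per_sec in counts.items():
        if bssid not in known:
            if bssid not in flagged:
                flagged.add(bssid)
                alerts.append(dict(cls="statistical", name="unknown-bssid", bssid=bssid,
                                   second=min(per_sec), count=sum(per_sec.values()), noisy=False))
            continue
        med, mad = baseline.get((bssid, kind), (0.0, 1.0))
        for sec, n in per_sec.items():
            if n > med + k * mad:
                # 'noisy' tells the analyst the deviation coincides with many corrupt
                # frames, so interference is as plausible as an attacker; the IDS itself
                # cannot tell a brute-force from a user retyping a forgotten password.
                alerts.append(dict(cls="statistical", name=f"{kind}-rate", bssid=bssid,
                                   second=sec, count=n, noisy=bad_fcs[sec] >= noise_per_sec))
    alerts.sort(key=lambda a: (a["second"], a["name"]))
    return alerts


if __name__ == "__main__":
    for alert in analyse(constructed_frames()):
        print(alert)
```

On the constructed input the run yields five alerts: the never-baselined BSSID, the beacon burst, the deauth flood, the authentication burst, and a second beacon burst marked noisy because 50 corrupt frames arrived in the same second. The noisy flag does not suppress the alert; it gives the analyst the evidence to check for a microwave oven before declaring an intrusion. Per-second counters are used for brevity; a production baseline would also be kept per channel and per time of day, since a WLAN's "normal" differs between office hours and night.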
