security wireless network: Guarding the Airwaves: Deploying Higher-Layer Wireless VPNs

LINUX DISTRIBUTIONS

The best known is BackTrack (versions 3 and 4); I will use BackTrack 4. Other distributions are Wifiway and Wifislax. Every one of them specializes in auditing wireless networks and comes with a lot of programs, such as:

- airodump: wireless network scanner
- aircrack: used to crack WEP passwords
- wireshark: internet traffic scanner

These are just 3 simple examples of programs from these Linux distributions. You may ask how this works and how a hacker can use it to penetrate my wireless network. First, we need to download BackTrack 4: http://www.backtrack-linux.org/ is the link where you can download any BackTrack version you wish. Try the live CD, or install BackTrack on your system using a virtual machine such as VMware; http://www.vmware.com/ is the official VMware site. You need to download VMware Workstation 7; you can use this program free for 30 days if you subscribe (it's free). I will put a video on YouTube about how to run BackTrack 4 in VMware; it is very simple to do. The YouTube video shows how a hacker can crack a wireless network (WEP key). The second video is about how you can run BackTrack 4 in VMware; it is very simple.

SNIFFING PROGRAMS

Once inside the network, the hacker can use sniffing programs such as Cain & Abel or Wireshark to see the internet traffic on the network, with the final goal of stealing your passwords. For now I will present only these two programs:

- Cain & Abel: a complex program that has a sniffing tool and a cracking tool. The basic idea of traffic interception is that the attacker is interposed between the router and the attacked PC, so that traffic passes through the attacker's PC first and then goes on to the router. I will put up a video on this program. One more thing: I use this program under Windows.
- Wireshark: almost the same type of program as the first one, but with this one you will need to process a huge quantity of data. It comes with BackTrack 4, but you can also use it under Windows.

WHAT CAN WE DO?

As you can see, the tools hackers use are diverse and complex, and what I illustrated above is only a small part of the multitude of ways in which we can be attacked. I think we should show more interest in everything around us, and especially in new wireless technology, because I believe it is the future of the transmission and receipt of data. How can we defend against these attacks? I have some advice:

- If you have a wireless router that uses a WEP key for access, change it to a WPA key (choose a key that is not in the dictionary, a phone number for example).
- Check whether PCs other than the ones you know are connected to your network.
- If you connect through a public Internet network, keep in mind that someone can spy on you and see the passwords that you type, so don't type important passwords (such as your PayPal password).
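One way to automate the advice to check for unfamiliar PCs on your network, as an added example that is not part of the original post: it parses constructed `ip neigh` output, flags MAC addresses missing from a hypothetical inventory, and flags a gateway whose MAC has changed or is shared with another host. The last two checks assume the interposition described under SNIFFING PROGRAMS is done by ARP spoofing, which the post does not state; `KNOWN`, the addresses and the function names are all constructed.

```python
import re

# Constructed sample of `ip neigh` output, not captured from a real network.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:de:ad:be:ef:99 REACHABLE
192.168.1.10 dev wlan0 lladdr 00:aa:bb:cc:dd:01 STALE
192.168.1.42 dev wlan0 lladdr 00:DE:AD:BE:EF:99 DELAY
192.168.1.77 dev wlan0  FAILED
"""

# Hypothetical inventory: the MAC addresses the owner recognises.
KNOWN = {"00:11:22:33:44:55": "router", "00:aa:bb:cc:dd:01": "laptop"}
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"

ENTRY = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9A-Fa-f:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac}; entries without a link-layer address are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def audit(table, known=KNOWN, gw_ip=GATEWAY_IP, gw_mac=GATEWAY_MAC):
    """Return a list of (finding, ip(s), mac) tuples."""
    findings = [("unknown-device", ip, mac)
                for ip, mac in sorted(table.items()) if mac not in known]
    seen = table.get(gw_ip)
    if seen is not None and seen != gw_mac.lower():
        # The gateway IP resolves to a MAC other than the router's own.
        findings.append(("gateway-mac-changed", gw_ip, seen))
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            # One adapter answering for several IPs, here including the gateway.
            findings.append(("mac-shared", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_neigh(SAMPLE_NEIGH)):
        print(finding)
```
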

Monday, March 1, 2010

Guarding the Airwaves: Deploying Higher-Layer Wireless VPNs

"For an invincible defence, conceal your form."

"Formlessness means being so subtle and secret that no one can spy on you."

A virtual private network (VPN) is a way to use a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. Because 802.11 LANs use unlicensed frequency bands and can be easily accessible to outsiders either accidentally or with malicious intent, wireless networking provides an important area for VPN deployment and maintenance. Whereas the deployment of wired VPNs is usually restricted to specific cases of telecommuters and remote branch offices, the wireless world is entirely different, and deploying a VPN can be applicable to any wireless link if a high level of security is needed. This includes connections between hosts on a WLAN as well as point-to-point links between wireless bridges. Of course, when 802.11i is finally out and widely implemented, the need for wireless VPN deployment will decrease, but not disappear. As reviewed in the Attack chapters, even before the final draft is released, 802.11i standard implementations already have a handful of security problems. We are quite confident that new attacks against the novel standard will appear and spread as time passes. Besides, in a highly secure environment, one cannot completely rely on a single safeguard, or a single network layer safeguard. Also, there would be security-conscious network managers who prefer to trust tested and tried defense mechanisms, such as IPSec. In the case of point-to-point wireless links it is easier and more economical to deploy a network-to-network VPN than 802.11i-based defenses, including the RADIUS server and user credentials database, while using 802.11i with PSK and no 802.1x is not a good security solution for a high throughput network-to-network link. Either way, wireless VPNs are here to stay and surely deserve a place of their own in this book.

A VPN is the opposite of an expensive system of owned or leased lines that can be used by only one organization. The goal of a VPN is to provide the organization with the same capabilities at a much lower cost. Compare it to point-to-point bridged wireless connectivity solutions, which can also substitute expensive leased lines. VPN and wireless technologies do not compete, but complement each other.

A VPN works by using the shared public infrastructure, while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be entered by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.[1] A WLAN can be compared to a shared public network infrastructure or, in some cases (hot spots, community nodes), is a shared public network infrastructure.

[1] www.whatis.com definition

Let's examine the term VPN more closely and try to explain each component in detail, so readers who never encountered VPNs in the real world will have a clear understanding of what we imply here.

The virtual part of the term entails mutually exclusive and peaceful coexistence of two separate networks within single network segments, be it coexistence of IP, IPX, and DDP on the same LAN, or IP, IPSec, and L2TP traffic going through the Internet cloud. The private part acknowledges that the interaction and the underlying network are only understandable to the endpoints of the channel and not to anyone else. Later, you will see that it applies to both secrecy and authenticity of transmitted data. The final network part is pretty much self-explanatory and is a generally accepted definition. Any number of devices that have some common way of communicating with each other, irrespective of their geographic location, constitute a network.

It is a common misconception that a VPN must encrypt the bypassing data, but that is not necessarily true. The VPN is said to comply with three criteria: confidentiality, integrity, and availability. You have to note that no VPN is resistant to DoS or DDoS attacks and cannot guarantee availability on the physical layer due to its virtual nature and reliance on the underlying protocols. Two of the most important VPN features, especially in the wireless communication where you have limited control over the signal spread, are integrity and, most important, confidentiality of the passing data. Take a real-life situation when someone has managed to bypass the WEP encryption and connect to a WLAN. In the non-VPN scenario, he or she will be able to sniff the data and interfere with network operation. However, if the packets are authenticated, man-in-the-middle attacks are nearly impossible to perform, while the data can still be intercepted. Addition of an encryption element to the VPN mitigates the threat presented by data interception.
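The difference between authenticating and encrypting tunnel traffic described above, as an added example that is not from the original text: the first mode appends an HMAC-SHA256 tag and leaves the payload in clear, the second encrypts and then authenticates. The HMAC-based keystream is a standard-library stand-in for a real tunnel cipher, and the keys, payload and function names are constructed.

```python
import hashlib
import hmac
import os

TAG = 32  # HMAC-SHA256 tag length in bytes

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def seal_auth_only(key, payload):  # authenticated, not encrypted
    return payload + mac(key, payload)

def open_auth_only(key, packet):
    payload, tag = packet[:-TAG], packet[-TAG:]
    return payload if hmac.compare_digest(tag, mac(key, payload)) else None

def keystream(key, nonce, n):
    # Stand-in for a real tunnel cipher: HMAC-SHA256 run in counter mode.
    blocks = (mac(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal_enc_auth(enc_key, mac_key, payload):  # encrypt, then authenticate
    nonce = os.urandom(16)
    body = nonce + xor(payload, keystream(enc_key, nonce, len(payload)))
    return body + mac(mac_key, body)

def open_enc_auth(enc_key, mac_key, packet):
    body, tag = packet[:-TAG], packet[-TAG:]
    if not hmac.compare_digest(tag, mac(mac_key, body)):
        return None  # modified in transit: drop before decrypting
    return xor(body[16:], keystream(enc_key, body[:16], len(body) - 16))

def flip_first_bit(packet):  # simulates modification in transit
    return bytes([packet[0] ^ 1]) + packet[1:]

PAYLOAD = b"USER alice PASS correct-horse-battery"  # constructed sample
K_AUTH, K_ENC = os.urandom(32), os.urandom(32)      # constructed keys

def demo():
    a = seal_auth_only(K_AUTH, PAYLOAD)
    e = seal_enc_auth(K_ENC, K_AUTH, PAYLOAD)
    return {
        "auth_only_readable_on_air": PAYLOAD in a,
        "auth_only_tamper_rejected": open_auth_only(K_AUTH, flip_first_bit(a)) is None,
        "encrypted_readable_on_air": PAYLOAD in e,
        "encrypted_tamper_rejected": open_enc_auth(K_ENC, K_AUTH, flip_first_bit(e)) is None,
    }
```

In both modes the receiver drops a modified packet, but only the second keeps the payload from anyone capturing frames on the WLAN.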

Therefore, we tend to see VPNs not as strict isolation of communication, but rather a communication that runs in a more controlled environment with exclusively defined groups of permitted participants.
