According to Deraison & Gula (2009), detecting wireless access points is a major source of activity for many enterprise security groups. They suggest manual inspection and dedicated system audits as two methods that can be used for this task.
Manual audits
Conducting a system audit with a wireless-enabled notebook computer or a PDA device while walking around the network premises will help locate any connected access points that are transmitting wireless signals. This requires physical access to all locations of the network. RF scanning systems make it much easier to pinpoint the access point locations.
Dedicated auditing can use some of the techniques below.
Centralized monitoring
There are solutions available that use the authorized access points of the company network to report any other wireless signals they detect to a centralized console. Jim Geier (2003) identifies Air Wave as an example. Examining this data helps to identify any unauthorized connections from a central point, and this method suits any large network.
Port scanning
Using software tools to run a TCP port scan of the company network lists all devices with port 80 open. Port 80 is associated with HTTP network traffic, and Geier (2003) points out that this technique will detect web servers, printers and nearly all access points. This method also suits large networks.
The Nessus vulnerability scanner is an example of software that performs port scanning.
Once the access points are identified, further checks will be required to determine if the access point is really a rogue access point.
- Check if default SSID is used
- Check if SSID is set to broadcast
- Check if default administrator account is accessible using default password
- Check if MAC address filtering is used
- Vendor name, device type, model
- Security configuration
- Check if encryption is used
Items in the above list that have default values in use, or no values set, are indicators that the access point is a rogue one, according to Peláez (2004).
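The checklist above applied to audit results, as an added example that is not part of the original post. The record fields, the authorized inventory and the default-SSID list are constructed assumptions; real values would come from the audit tool and the organisation's asset register.

```python
# Added example: triage of discovered access points against the checklist above.
from dataclasses import dataclass

# Hypothetical inventory of approved access points, keyed by BSSID (radio MAC).
AUTHORIZED_BSSIDS = {"00:11:22:33:44:55"}
# Constructed sample of factory-default SSIDs; extend it from vendor documentation.
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}

@dataclass
class AccessPoint:
    bssid: str
    ssid: str
    ssid_broadcast: bool
    default_admin_login: bool   # default administrator password was accepted
    mac_filtering: bool
    encryption: str             # "" or "none" means an open network

def findings(ap: AccessPoint) -> list[str]:
    """Return the checklist items on which this access point looks unmanaged."""
    out = []
    if ap.bssid.lower() not in AUTHORIZED_BSSIDS:
        out.append("not in authorized inventory")
    if ap.ssid.strip().lower() in DEFAULT_SSIDS:
        out.append("default SSID")
    if ap.ssid_broadcast:
        out.append("SSID broadcast enabled")
    if ap.default_admin_login:
        out.append("default administrator password")
    if not ap.mac_filtering:
        out.append("no MAC address filtering")
    if ap.encryption.strip().lower() in ("", "none"):
        out.append("no encryption")
    return out

def triage(aps):
    """Order access points so those with the most indicators are inspected first."""
    scored = [(ap, findings(ap)) for ap in aps]
    return sorted(scored, key=lambda pair: len(pair[1]), reverse=True)

# Constructed audit results: one managed access point, one with factory settings.
SAMPLE = [
    AccessPoint("00:11:22:33:44:55", "corp-wlan", False, False, True, "WPA2"),
    AccessPoint("66:77:88:99:AA:BB", "linksys", True, True, False, ""),
]

if __name__ == "__main__":
    for ap, issues in triage(SAMPLE):
        print(ap.bssid, ap.ssid, "->", issues or ["no indicators"])
```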
References
Deraison, R, Gula, R, 2009, Using nessus to detect wireless access points,
http://www.nessus.org/whitepapers/wap-id-nessus.pdf
Geier, J, 2003, Identifying rogue access points,
http://www.wi-fiplanet.com/tutorials/article.php/1564431/Identifying-Rogue-Access-Points.htm
Peláez, R, 2004, Auditing 802.11 wireless networks focusing on the Linksys BEFW11S4 Access Point, An auditors perspective,
http://it-audit.sans.org/community/papers/auditing-80211-wireless-networks-focusing-linksys-befw11s4-access-point_121
Pacchiano, R, 2006, How to Track Down Rogue Wireless Access Points,
http://www.smallbusinesscomputing.com/webmaster/article.php/3590656/How-to-Track-Down-Rogue-Wireless-Access-Points.htm
Wednesday, September 22, 2010
Monday, September 20, 2010
Vulnerability assessment - Nessus Vulnerability Scanner
Download Nessus vulnerability scanner
Fill in the requested information and submit.
Start server
Use default values and obtain activation code.
Start client
This step could not be performed successfully due to the error below.
Wireless security - Spoof a MAC address using SMAC
Download SMAC from www.klcconsulting.net/smac
SMAC 2.0 allows the Media Access Control (MAC) address of a network adapter to be changed, otherwise known as spoofing the MAC address.
This task demonstrates how to exploit a vulnerability that is present in wireless networks. An attacker could find out a valid MAC address allowed by an access point, spoof the attacker's network adapter to use the allowed MAC address and connect to the network.
Install and run application
View the MAC address
Update to a new MAC address
The evaluation copy allows 0C-0C-0C-0C-0C-0C to be updated. On Windows Vista the program also had to be run as administrator.
Start a command prompt
View the adapter information
Type ipconfig /all and press Enter. The updated MAC is displayed.
Thursday, September 16, 2010
Cryptography - Hash generators & comparing hashes
Hash
One of the basic algorithms of cryptography is the hashing algorithm. Given an original block of message, the algorithm will generate a hash that is unique for this particular message.
The advantage of a hash is that it is not feasible to compute the original message by reverse calculating the hash.
A common use of a hash is to check the integrity of a message. As an example, ATMs validate the user by hashing the entered password and comparing it with the hashed password stored on the card.
MD5Deep
This is a set of programs to compute various hash keys for a given input file or files.
Create the input message
Create a word file with the text "Now is the time for all good men to come to the aid of their country".
Save the file
Create a hash
Execute md5deep and provide the above file name as its input.
md5deep g:\csinfo\itc358\assessment2\country.docx
The generated hash key will be displayed. The length of the hash created is 128 bits or 16 bytes. The value shown is in 32 hexadecimal characters.
Create a hash
Use the md5deep documentation file as input to create another hash.
The length of the hash created is 128 bits or 16 bytes. The value shown is in 32 hexadecimal characters. This conforms to the requirement of a good hash algorithm to generate a consistent hash value length regardless of the content length used to generate the hash.
Modify the message contents
Open the word file created as input to hash 1 and modify it by removing the full stop at the end of the sentence.
Create a hash using the modified word file
Even the slightest modification has resulted in a completely new hash value.
This proves the hash function can be used to check the integrity of a message.
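The comparison in the steps above, as an added example that is not part of the original post. It hashes the sentence itself rather than the Word file (so the digests differ from md5deep's output on country.docx), with and without the final full stop, and extends the check to SHA-1, SHA-256 and a 512-bit digest. SHA-512 stands in for Whirlpool as an assumption, because Python's hashlib does not guarantee Whirlpool support.

```python
# Added example: fixed digest length and sensitivity to a one-character change.
import hashlib
import hmac

ORIGINAL = b"Now is the time for all good men to come to the aid of their country."
MODIFIED = ORIGINAL[:-1]          # same text with the final full stop removed

# SHA-512 is a stand-in for Whirlpool (assumption: both produce 512-bit digests).
ALGORITHMS = ["md5", "sha1", "sha256", "sha512"]

def digest_bits(algorithm: str, data: bytes) -> int:
    """Digest length in bits; it does not depend on len(data)."""
    return hashlib.new(algorithm, data).digest_size * 8

def differing_bits(algorithm: str, a: bytes, b: bytes) -> int:
    """Number of bit positions in which the digests of a and b differ."""
    da = hashlib.new(algorithm, a).digest()
    db = hashlib.new(algorithm, b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

def matches(algorithm: str, data: bytes, expected_hex: str) -> bool:
    """Integrity check: recompute the digest and compare it with the recorded one."""
    actual = hashlib.new(algorithm, data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.lower())

if __name__ == "__main__":
    for alg in ALGORITHMS:
        bits = digest_bits(alg, ORIGINAL)
        changed = differing_bits(alg, ORIGINAL, MODIFIED)
        print(f"{alg:7} {bits:3} bits, {bits // 4:3} hex chars, "
              f"{changed} bits differ after removing the full stop")
```

MD5 and SHA-1 appear here because the exercise uses them; practical collision attacks exist for both, so SHA-256 or stronger is the choice for new integrity checks.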
Create a hash using sha1deep
The hash value length is 160 bits or 20 bytes long for both documents but the hash value is significantly different for the two documents.
Create a hash using sha256deep
The hash value length is 256 bits long for both documents but the hash value is significantly different for the two documents.
Create a hash using whirlpooldeep
The hash value length is 512 bits long for both documents but the hash value is significantly different for the two documents. The displayed hash value is in 128 hexadecimal digits.
Wednesday, September 1, 2010
Cryptography - Uses for hashes
Hash
Creating a hash value is a basic function of cryptography. The input is processed by a hashing function and the output is the hash value or message digest. Ciampa (2009) describes a hashing algorithm as the most basic cryptographic algorithm. A characteristic of a good hashing function is that no two different messages will produce the same hash value and the hash value cannot be reversed in order to find the original message. Additionally, regardless of the input message length, the output hash value length will be a fixed number of characters.
Standard Hash Algorithms
MD5 – Message digest algorithm version 5
SHA – Secure hashing algorithm
Whirlpool - Whirlpool hashing algorithm
Uses of hashes
Client authentication by a server is a good scenario for using hash values. As an example, Ciampa (2009) describes how ATMs validate the user by hashing the entered password and comparing it against the hashed password stored on the card.
This avoids the need to transmit passwords over the network, which is more efficient and more secure.
A message can be verified as the original with the use of a hash value.
The creator of the message generates a hash value, also known as a message digest. The recipient can generate the hash value and compare it with the original hash to verify that the message content is original and has not been modified. However, this technique does not provide confidentiality of the message.
Stallings (2005) describes three alternative ways in which the above technique can be used to obtain authenticity as well as confidentiality.
- Using conventional encryption
- Using public-key encryption
- Using secret value
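The difference between a bare message digest and the secret-value approach listed above, as an added example that is not part of the original post. It swaps in HMAC, the standard keyed-hash construction, for the secret value; the secret, the messages and the function names are constructed for illustration.

```python
# Added example: a bare digest detects accidental change only; a keyed digest
# also shows that the sender knew the shared secret.
import hashlib
import hmac

def plain_tag(message: bytes) -> str:
    """Unkeyed message digest (SHA-256 chosen for this example)."""
    return hashlib.sha256(message).hexdigest()

def keyed_tag(secret: bytes, message: bytes) -> str:
    """Digest bound to a shared secret. HMAC is used rather than hashing the
    message and secret concatenated, which avoids length-extension weaknesses."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()

def verify_plain(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(plain_tag(message), tag)

def verify_keyed(secret: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(keyed_tag(secret, message), tag)

# Constructed scenario: sender and recipient share SECRET; the channel does not.
SECRET = b"constructed-shared-secret"
SENT = b"Pay 100 to account 12345"
TAMPERED = b"Pay 900 to account 99999"

def demo() -> dict:
    # Whoever alters the message in transit can simply recompute an unkeyed digest,
    forged_plain = plain_tag(TAMPERED)
    # but without SECRET a keyed tag can only be produced with a guessed key.
    forged_keyed = keyed_tag(b"guessed-secret", TAMPERED)
    return {
        "genuine_plain": verify_plain(SENT, plain_tag(SENT)),
        "tampered_plain_accepted": verify_plain(TAMPERED, forged_plain),
        "genuine_keyed": verify_keyed(SECRET, SENT, keyed_tag(SECRET, SENT)),
        "tampered_keyed_accepted": verify_keyed(SECRET, TAMPERED, forged_keyed),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```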
Another use of a hash function is the message integrity check, which is a digital signature found in secure email, according to Pfleeger and Pfleeger (2007).
References
Ciampa, M, 2009, Security+ guide to network security fundamentals,
Pfleeger, C, Pfleeger, S, 2007, Security in computing, Prentice hall
Stallings, W, 2005, Business data communications, Prentice hall