This document discusses wireless network security. It begins with an introduction to IEEE 802.11 wireless LAN standards and the different wireless architectures used in home, small office/home office, and enterprise networks. It then covers wireless encryption and authentication methods like WEP, WPA, WPA2, and WPA2 Enterprise. The document also describes vulnerabilities in wireless networks and methods for penetration testing networks, including reconnaissance, exploiting authentication protocols, attacking guest networks, and specific attacks against WEP encryption. It provides examples of capturing packets to crack WEP keys and discusses rogue access points and tools to create them like Airsnarf.
Web services present unique challenges for penetration testing due to their complexity and differences from traditional web applications. There is a lack of standardized testing methodology and tools for web services. Many penetration testers are unsure how to properly scope and test web services. Existing tools have limitations and testing environments must often be built from scratch. A thorough understanding of web service standards and frameworks is needed to effectively test for vulnerabilities from both the client and server side.
Meenu Dogra is a software engineer who specializes in secure coding and application development. She holds an Oracle Certified Associate certification and gives webinars on security topics. Her document discusses the importance of online security for businesses and developers. It introduces the Secure System Development Life Cycle (SSDLC) as a method to incorporate security at all stages of developing software systems, from requirements analysis to verification. The SSDLC aims to address vulnerabilities that could otherwise pose risks to an organization's online operations and security.
Android Application Penetration Testing - Mohammed Adam
Android Penetration Testing is a process of testing and finding security issues in an Android application. It involves decompiling, real-time analysis, and testing of an Android application from a security point of view. These slides cover real-time testing of Android applications and some security issues like insecure logging, leaking content providers, insecure data storage and access control issues.
The document provides an overview of penetration testing basics from a presentation by The Internet Storm Center, SANS Institute, and GIAC Certification Program. It discusses the Internet Storm Center, SANS/GIAC training and certifications, common cyber threats, the methodology for penetration testing, tools used for various stages like reconnaissance, scanning, exploitation, and analysis, and the importance of reporting and mitigation strategies.
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities - Anant Shrivastava
c0c0n 2015 Presentation. This talk discussed the impact of using components with known vulnerabilities, along with various tips and tools for software developers or administrators to facilitate identification of vulnerable components.
Web Application Firewall (WAF) DAST/SAST combination - Tjylen Veselyj
In this presentation we analyze the benefits of applying an innovative WAF that has a callback connection with DAST security tools and allows security defects in critical SaaS or e-commerce applications to be detected very quickly.
This document provides an overview of mobile application security testing. It discusses the mobile security stack including the infrastructure, hardware, operating system and application layers. It then covers topics like mobile threat modeling, mobile application auditing techniques including dynamic and static analysis. The document also discusses the OWASP top 10 mobile risks and provides case studies and demonstrations on pentesting real mobile applications and reverse engineering Android malware.
The document discusses security issues related to mobile applications. It describes how mobile apps now offer many more services than basic phone calls and texts. This expanded functionality introduces new attack surfaces, including the client software on the device, the communication channel between the app and server, and server-side infrastructure. Some common vulnerabilities discussed are insecure data storage on the device, weaknesses in data encryption, SQL injection, and insecure transmission of sensitive data like credentials over the network. The document also provides examples of techniques for analyzing app security like reverse engineering the app code and using a proxy like Burp Suite to intercept network traffic.
+ Background & Basics of Web App Security, The HTTP Protocol
+ Web Application Insecurities, OWASP Top 10 Vulnerabilities (XSS, SQL Injection, CSRF, etc.)
+ Web App Security Tools (Scanners, Fuzzers, etc.), Remediation of Web App Vulnerabilities
+ Web Application Audits and Risk Assessment
Web Application Security 101 was conducted by:
Vaibhav Gupta, Vishal Ashtana, Sandeep Singh from Null.
The document provides information on various certification and training options for penetration testing and ethical hacking. It discusses several vendors that provide both online and bootcamp training programs, and lists the costs associated with each. It provides details on certifications from vendors like CompTIA, EC-Council, GIAC, Mile2, and Offensive Security. These certifications range in focus from foundational security skills to advanced penetration testing. The document also notes some free online resources available for additional preparation.
Mobile Threats and Trends Changing Mobile App Security - DevOps.com
Deploying your high-value mobile app to untrusted environments such as consumer mobile devices can be a risky proposition. Are some of your customers’ devices compromised? Do your users also download apps from untrusted sources? Is there malware residing on their devices that target apps such as yours?
Despite your best efforts to code secure apps, assess their security posture, and remediate any identified vulnerabilities – it’s not quite enough in today’s mobile threat landscape. Safeguarding mobile apps during runtime and empowering them to protect themselves in hostile environments is becoming a necessity in the face of ever-evolving mobile attack tactics and techniques.
During this webinar, we will:
Discuss today’s mobile app threat landscape
Explain how changing distribution models (e.g., Fortnite for Android) affect your app’s security
Illustrate the potential financial impact of mobile threats on a business’s bottom line
Demonstrate mobile overlay and other attacks
Reveal how mobile apps can protect themselves against these attacks with app shielding and runtime protection
José Manuel Ortega Candel presented on security testing in mobile applications. The presentation covered static and dynamic application security testing, vulnerabilities, security risks, and best practices for mobile security testing. It discussed analyzing application source code, network traffic, and runtime behavior to identify issues. The document also provided examples of common mobile vulnerabilities and tools that can be used to conduct security testing on both Android and iOS applications.
This document summarizes security threats and attacks on the Android system. It outlines the Android threat model and discusses attacks from computers, firmware, NFC, Bluetooth, and malicious apps. Specific attack vectors are described, such as exploiting update mechanisms, customization vulnerabilities, and speech recognition from gyroscope data. Countermeasures like updating apps and closing unused services are recommended for users. Developers are advised to follow basic security practices like code reviews and penetration testing.
Web applications are arguably the most important back-end component of any online business. They are used to power many of the features most of us take for granted on a website
Owasp Mobile Risk Series : M4 : Unintended Data Leakage - Anant Shrivastava
This presentation is part of a series focused on the OWASP Mobile Top 10. We discussed what data leakage is, places where data could be leaked, samples/examples of data leakage, and how it differs from M2: Insecure data storage.
Secure web programming plus end users' awareness are the last line of defense against attacks targeted at the corporate systems, particularly web applications, in the era of world-wide web.
Most web application attacks occur through Cross Site Scripting (XSS), and SQL Injection. On the other hand, most web application vulnerabilities arise from weak coding with failure to properly validate users' input, and failure to properly sanitize output while displaying the data to the visitors.
The literature also confirms the following web application weaknesses in 2010: 26% improper output handling, 22% improper input handling, and 15% insufficient authentication, and others.
Abdul Rahman Sherzad, lecturer at Computer Science Faculty of Herat University, and Ph.D. student at Technical University of Berlin gave a presentation at 12th IT conference on Higher Education for Afghanistan in MoHE, and then conducted a seminar at Hariwa Institute of Higher Education in Herat, Afghanistan introducing web application security threats by demonstrating the security problems that exist in corporate systems with a strong emphasis on secure development. Major security vulnerabilities, secure design and coding best practices when designing and developing web-based applications were covered.
The main objective of the presentation was raising awareness about the problems that might occur in web-application systems, as well as secure coding practices and principles. The presentation's aims were to build security awareness for web applications, to discuss the threat landscape and the controls users should use during the software development lifecycle, to introduce attack methods, to discuss approaches for discovering security vulnerabilities, and finally to discuss the basics of secure web development techniques and principles.
[OPD 2019] AST Platform and the importance of multi-layered application secu... - OWASP
This document discusses the importance of multi-layered application security testing and summarizes several application security testing techniques. It introduces static application security testing (SAST), interactive application security testing (IAST), software composition analysis (SCA), and dynamic application security testing (DAST). For each technique, it provides a brief description and highlights of their advantages and disadvantages. It emphasizes that using multiple techniques together can provide more comprehensive security testing than any single technique alone.
Web application firewalls (WAFs) examine traffic beyond IP and TCP headers to perform deep packet inspection and detect known application vulnerabilities without requiring code modifications. A typical WAF architecture filters network traffic and monitors sessions. WAFs can stop attacks before reaching web servers by filtering at the application layer. They provide compensating controls to protect faulty code and allow resources to focus elsewhere by securing applications at the network level. WAFs are useful for custom code without developers, vendor code with limited auditing, and legacy systems, particularly for government, healthcare, retail, and manufacturing.
This document summarizes a presentation on ethical hacking and penetration testing. It includes:
1. An overview of what ethical hacking and penetration testing are, which involves improving security by finding vulnerabilities before hackers do.
2. The issues organizations face from internal and external risks like employees' lack of security awareness or external hackers exploiting weaknesses.
3. The tools and techniques used in penetration testing, including automated vs manual methods, external vs internal testing, and examples like denial of service, social engineering, and Google hacking.
4. Both the benefits of strengthening security and limitations, like testing not being guaranteed to find all vulnerabilities or account for changing technologies.
Cyber security webinar 6 - How to build systems that resist attacks? - F-Secure Corporation
This document summarizes strategies for building secure systems. It discusses making security a core requirement from the beginning, employing secure software architecture and development practices, isolating processes using sandboxes, avoiding cleartext data, using libraries carefully and keeping them updated, auditing code, and continuously improving security. The overall message is that security must be prioritized throughout the entire system development lifecycle in order to successfully build resilient systems.
This document discusses the security implications of cloud computing and summarizes a presentation by Ben Masino of Alert Logic. It notes that web application attacks are now the number one source of data breaches, but less than 5% of security budgets are spent on application security. It also outlines some of the challenges in defending applications and workloads in the cloud, including a wide range of attacks at every layer of the stack and vulnerabilities introduced through rapidly changing code and third party tools. The document then provides an example of a data exfiltration attack against a textile company, where the attacker was able to access critical systems and steal financial and design data by exploiting known PHP flaws and leveraging captured credentials.
The Open Web Application Security Project is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security
Web App Security Presentation by Ryan Holland - 05-31-2017 - TriNimbus
Web App Security - A presentation by Ryan Holland, Sr. Director, Cloud Architecture at Alert Logic for the Vancouver AWS User Group Meetup on May 31, 2017.
This document discusses vulnerabilities that are not covered by the OWASP Top 10 list. It provides 10 examples of vulnerabilities found during penetration testing and remediation cycles. These include issues like replay attacks, inference holes, encryption oracles, searching within protected documents, risky user registration processes, race conditions, improper input validation, log sanitization problems, log forgery, and bypassing CAPTCHAs. The document argues that while the OWASP Top 10 is a useful list, security teams should look beyond it to find other types of vulnerabilities.
Wireless networks have become commonplace in homes and offices, enabling increased productivity and mobile connectivity. They function by connecting clients to a central access point or in an ad-hoc peer-to-peer mode. Early security standards like WEP had vulnerabilities due to short encryption keys and initialization vector reuse. WPA and its successor WPA2 were developed to address these issues through stronger encryption, authentication, and dynamic key generation. However, wireless networks remain vulnerable to insertion attacks by unauthorized clients or rogue access points, as well as traffic interception if encryption is not used.
IJCER (www.ijceronline.com) International Journal of computational Engineerin... - ijceronline
The document discusses Wi-Fi security and proposes using a proxy server to improve Wi-Fi security. It first provides background on Wi-Fi and proxy servers, describing how proxy servers act as intermediaries and can provide caching, filtering, and authentication. It then reviews various existing Wi-Fi security methods like WEP, WPA, WPA2, AES, and TKIP. The proposed approach is to add a proxy server to the Wi-Fi network in the same way it is used in wired LANs, which could potentially increase Wi-Fi security and performance by 5-10% by providing filtering, caching, and unique user authentication through the proxy server.
The document discusses security issues with IEEE 802.11b wireless local area networks (WLANs). It outlines 7 main security problems: 1) easy access to networks, 2) unauthorized access points, 3) unauthorized use of services, 4) constraints on service and performance, 5) MAC spoofing and session hijacking, 6) traffic analysis and eavesdropping, 7) higher level attacks once access is gained. It then analyzes weaknesses in the Wired Equivalent Privacy (WEP) encryption used by 802.11b and outlines improvements made in later standards like Wi-Fi Protected Access (WPA) and 802.11i.
Seminar Paper on Security Issues of 802.11b based on IEEE Whitepaper by Boland, H. and Mousavi, H., Carleton University, Ottawa, Ont., Canada, IEEE Canadian Conference on Electrical and Computer Engineering, 2-5 May 2004
The document discusses best practices for wireless LAN deployment and security. It covers wireless concepts and standards, security issues with wireless networks like weak encryption and rogue access points, and common attacks. It also provides countermeasures like using encryption, limiting the broadcast range of access points, implementing authentication, and monitoring for unauthorized devices on the network.
Viable means using which Wireless Network Security can be JeopardizedIRJET Journal
This document discusses various ways in which the security of wireless networks can be compromised. It begins by providing background on wireless network security and protocols such as WEP, WPA, and WPA2. While these protocols aimed to improve security over their predecessors, they still had vulnerabilities that allowed unauthorized access. The document then describes eight common methods that malicious attackers use to gain control of wireless networks, such as exploiting ad-hoc networks, traffic analysis, and spoofing. It concludes by noting that while security has improved, experienced attackers will still attempt to find loopholes to hack networks.
The document discusses security issues with 802.11b wireless LANs. It identifies 7 categories of risks: insertion attacks, interception of traffic, jamming, client-to-client attacks, brute force password attacks, encryption attacks, and misconfigurations. Default access point settings like SSIDs and passwords leave them vulnerable if not changed. Proper configuration of wireless access points, firewalls, intrusion detection, and encryption are recommended to secure a wireless network.
1 EAP and 802.1X are usually associated with aRADIUS server2To.pdfarjunenterprises1978
1: EAP and 802.1X are usually associated with a
RADIUS server
2:To set up an extra access point to detect intruders is called using a _______.
fly paper
3:Disabling an SSID broadcast is a common option in some wireless 802.11 NICs.802.11 b
Access Point
Solution
solution to question 1-
EAP and 802.1X are usually associated with a WEP
Wired Equivalent Privacy (WEP), which is part of the original 802.11 standard, should provide
confidentiality. Unfortunately WEP is poorly designed and easily cracked. There is no
authentication mechanism, only a weak form of access control.
As a response to WEP broken security, IEEE has come up with a new wireless security standard
named 802.11i. 802.1X plays a major role in this new standard.
The new security standard, 802.11i, which was ratified in June 2004, fixes all WEP weaknesses.
It is divided into three main categories:
The industry didn\'t have time to wait until the 802.11i standard was completed. They wanted the
WEP issues fixed now! Wi-Fi Alliance felt the pressure, took a \"snapshot\" of the standard , and
called it Wi-Fi Protected Access (WPA). One requirement was that existing 802.11 equipment
could be used with WPA, so WPA is basically TKIP + 802.1X.
Extensible Authentication Protocol (EAP) is just the transport protocol optimized for
authentication, not the authentication method itself
SOLUTION TO QUESTION2-To set up an extra access point to detect intruders is called using
a HONEYPOT
A honeypot is a computer system that is set up to act as a decoy to lure cyberattackers, and to
detect, deflect or study attempts to gain unauthorized access to information systems.
SOLUTION TO QUESTION 3-
One of the most common security recommendations regarding wireless networks is that you
should disable SSID broadcasting
Temporary Key Integrity Protocol (TKIP) is a short-term solution that fixes all WEP
weaknesses. TKIP can be used with old 802.11 equipment (after a driver/firmware upgrade) and
provides integrity and confidentiality.
Counter Mode with CBC-MAC Protocol (CCMP) is a new protocol, designed from ground up. It
uses AES as its cryptographic algorithm, and, since this is more CPU intensive than RC4 (used
in WEP and TKIP), new 802.11 hardware may be required. Some drivers can implement CCMP
in software. CCMP provides integrity and confidentiality.
802.1X Port-Based Network Access Control: Either when using TKIP or CCMP, 802.1X is used
for authentication..
This document discusses wireless network security. It begins by defining wireless networking and standards like 802.11 and 802.16. It then discusses threats to wireless networks like malicious association, ad hoc networks, and identity theft. Early security standards like WEP are explained, along with their weaknesses. Later standards that aimed to improve security are covered, such as 802.1x, 802.11i, and protocols like CCMP. The document concludes with thoughts on securing wireless transmissions through encryption and signal hiding, and securing wireless networks through encryption, antivirus software, and limiting access.
A presentation which on Wireless Network Security. It contains Introduction to wireless networking, security threats and risks, best practices on using wireless networks.
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless NetworksChema Alonso
Trabajo realizado para la medición del grado de inseguridad de una red WiFi a la que se conecta un equipo. En él se analizan las medidas de seguridad, el riesgo y los motivos por los que existen las redes WiFi inseguras
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Dr. Amarjeet Singh
The growing volume of attacks on the Internet has
increased the demand for more robust systems and
sophisticated tools for vulnerability analysis, intrusion
detection, forensic investigations, and possible responses.
Current hacker tools and technologies warrant reengineering
to address cyber crime and homeland security. The being
aware of the flaws on a network is necessary to secure the
information infrastructure by gathering network topology,
intelligence, internal/external vulnerability analysis, and
penetration testing. This paper has as main objective to
minimize damages and preventing the attackers from
exploiting weaknesses and vulnerabilities in the 4 ways
handshake (WIFI).
We equally present a detail study on various attacks and
some solutions to avoid or prevent such attacks in WLAN.
This is the the technology which is very basic understanding on Wi- Fi technology..
What is Wi-Fi technology and how is working and also the advantages of wi-fi.....
Research Inventy : International Journal of Engineering and Scienceinventy
Research Inventy : International Journal of Engineering and Science is published by the group of young academic and industrial researchers with 12 Issues per year. It is an online as well as print version open access journal that provides rapid publication (monthly) of articles in all areas of the subject such as: civil, mechanical, chemical, electronic and computer engineering as well as production and information technology. The Journal welcomes the submission of manuscripts that meet the general criteria of significance and scientific excellence. Papers will be published by rapid process within 20 days after acceptance and peer review process takes only 7 days. All articles published in Research Inventy will be peer-reviewed.
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK IJNSA Journal
Nowadays Wireless local area networks (WLANs) are growing very rapidly. Due to the popularity of 802.11 networks, possibilities of various attacks to the wireless network have also increased. In this paper, a special type of attack De-Authentication/disassociation attack has been investigated. In a normal scenario, a wireless client or user sends a de-authentication frame when it wants to terminate the connection. These frames are in plain text and are not encrypted. These are not authenticated by the access point. Attackers take advantage of this, and spoof these packets and disable the communication between the connected client and access point. In this paper, an algorithm based on radio-tap header information is suggested to identify whether there is a De-Authentication attack on the client or not.
The document discusses Wi-Fi technology, including its standards, architecture, security techniques, and applications. It describes the IEEE 802.11 standards for Wi-Fi networks, including 802.11b, 802.11a, and 802.11g. It outlines the basic components of a Wi-Fi network including access points, Wi-Fi cards, and security measures. It also summarizes common Wi-Fi network configurations, topologies, and applications as well as security techniques such as SSID, WEP, WPA, and 802.1x access control.
Wireless Device and Network level securityChetan Kumar S
This document provides an overview of security at the device, network, and server levels for wireless systems. It discusses security requirements and challenges for mobile devices, networks, and servers. It also summarizes common wireless network security standards and protocols like WEP, WPA, and WPA2. Specific security threats and potential solutions are outlined for each level.
Wifi cracking Step by Step Using CMD and Kali Linux 2018Mohammad Fareed
This document discusses cracking WEP encrypted WiFi networks. It begins with introductions to WiFi technology and encryption methods like WEP, WPA, and WPA2. It then provides steps to crack WEP networks using tools like Aircrack-NG on Windows and Kali Linux. For Windows, it describes using CommView to capture packets and Aircrack-NG GUI to crack passwords. For Kali, it outlines passive and active cracking techniques, including using airodump-ng to capture packets and aireplay-ng to generate more packets through ARP request replays and fake authentication attacks before cracking passwords with Aircrack-NG. The goal is to capture enough initialization vectors to crack weak WEP encryption keys.
Wireless Security Needs For Enterprisesshrutisreddy
This document discusses improving wireless security for enterprise/corporate users compared to home users. It analyzes security threats like encryption attacks and outlines techniques like WEP, WPA, and WPA2. The key points are:
1) Wireless networks are vulnerable to attacks using tools like AirSnort but techniques like WPA2 with AES encryption provide stronger security.
2) Corporate networks require robust security as they contain sensitive customer data, while basic techniques like WEP may suffice for home networks.
3) The document recommends home users enable security settings and use WPA-PSK encryption to protect their wireless networks.
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSISIJNSA Journal
Like most advances, wireless LAN poses both opportunities and risks. The evolution of wireless networking in recent years has raised many serious security issues. These security issues are of great concern for this technology as it is being subjected to numerous attacks. Because of the free-space radio transmission in wireless networks, eavesdropping becomes easy and consequently a security breach may result in unauthorized access, information theft, interference and service degradation. Virtual Private Networks (VPNs) have emerged as an important solution to security threats surrounding the use of public networks for private communications. While VPNs for wired line networks have matured in both research and commercial environments, the design and deployment of VPNs for WLAN is still an evolving field. This paper presents an approach to secure IEEE 802.11g WLAN using OpenVPN, a transport layer VPN solution and its impact on performance of IEEE 802.11g WLAN.
Similar to Pentesting Your Own Wireless Networks, June 2011 Issue (20)
3. Issue17 – June2011 | Page-3
Pentesting your own Wireless Network
Introduction to IEEE 802.11
IEEE 802.11 is a set of protocols used for implementing wireless LANs. IEEE protocol standards are created and maintained by the IEEE LAN/MAN Standards Committee. WLANs operate in 3 different frequency ranges, that is, 2.4 GHz (802.11b/g/n), 3.6 GHz (802.11y) and 4.9/5.0 GHz (802.11a/h/j/n). Each of these frequency ranges is further divided into multiple channels. Every country has its own permissible channels and maximum power levels. However, a wireless card can easily be configured to disregard these policies. A wireless NIC can be made to hop across different channels, but at any given time it is connected to only a single channel.
Different Wireless Architectures & Implementations
A Wi-Fi implementation, like any other technology, is needed to drive business. It's very important to get an optimum ROI with the required security & controls in place. Keeping this in mind, a home implementation of a Wi-Fi network differs from a SOHO or enterprise implementation.
1. Wi-Fi Network at Home:
In a usual home environment, multiple clients connect to an AP which is connected to a broadband (DSL / cable) modem. Wi-Fi at home is mainly used for internet access, and all the users have the same privileges.
The following is typical of a Wi-Fi implementation at home:
- Clients connecting to AP / wireless routers
- Wireless router connected to a broadband modem for internet service
- Security – WEP or WPA/WPA2 Personal
- SSID broadcast
- MAC address filtering
- Passphrases/passwords to access the Wi-Fi service never changed and at times easy to guess
Due to the nature of the work and the type of information involved, it is not feasible to implement enterprise-class security for home users. Home networks are easier to compromise, but again it's a tradeoff between security and ease of use. However, there are good practices which, if implemented correctly, would deter an attacker and make it difficult to break into the home Wi-Fi network.
2. Corporate / Enterprise Network:
In a corporate enterprise network, stronger security controls are required. Wi-Fi is used by employees to access the corporate network and by guests / visitors to access the internet.
Access to the corporate network through Wi-Fi requires employees to authenticate to the authentication server before access to the corporate network is granted. The key features of this network setup are:
- Restricted to employees
- Involves authentication using an authentication server
- Stronger encryption protocols
- Access on a need-to-know basis
- Security – WPA2 Enterprise along with EAP-TTLS, MSCHAPv2 etc. is used
[Figure: Wi-Fi network at Home]
In a corporate environment there is usually a 'Guest' wireless network for guests and visitors. This network is only for internet access and is supposed to be isolated from the corporate Wi-Fi network.
Encryption & Authentication used in IEEE 802.11 Environment:
Wired Equivalent Privacy (WEP) – WEP uses the RC4 encryption algorithm, which has several weaknesses. IEEE 802.11i was ratified in 2004 and is the primary means of wireless security. In spite of its known vulnerabilities, WEP is still widely deployed, at least on home networks, because it is the oldest option and the easiest to configure.
Wi-Fi Protected Access (WPA) – The WPA protocol implements the majority of the IEEE 802.11i standard requirements. WPA makes use of the Temporal Key Integrity Protocol (TKIP) instead of the RC4 used in its predecessor, WEP. To offer greater security, CCMP, an AES-based encryption protocol, was released in the final IEEE 802.11i standard (referred to as WPA2).
WPA Personal – Commonly referred to as WPA Pre-Shared Key (PSK). The clients authenticate with the APs using the 256-bit keys. It's mainly used in homes and in SOHO environments.
[Figure: Corporate/Enterprise Network]
WPA Enterprise – Mainly designed for enterprise networks and requires authentication using a RADIUS server. Extensible Authentication Protocol (EAP) is used for authentication and comes in different flavors (EAP-TLS, EAP-TTLS). It is also referred to as WPA-802.1X mode.
The RADIUS protocol inherently only allows for password-based authentication, i.e. the password is sent as an MD5 hash or as a response to a challenge (CHAP-password). EAP enriches the authentication features of RADIUS.
VA&PT of Wireless Networks
The approach for conducting VA&PT of a wireless network is similar to that for a traditional connected network, but there are added risks and vulnerabilities specific to Wi-Fi networks that need to be looked into. To conduct VA&PT of a wireless network, it is very important to get the objectives clear. A wireless network, if compromised, can lead to unauthorized access to the corporate infrastructure, which might be on the traditional connected network.
Approach:
1. Reconnaissance
2. Identifying the Encryption & Authentication Technology
3. Attempt to Gain Access
4. Brute Forcing / Guessing Passwords
5. Identifying weakness in the Wi-Fi Technology
6. Attacks specific to Wi-Fi Technology
7. Summarization & Reporting
Phase I: Reconnaissance
This is the most important phase, in which the attacker gains most of the information required for further directed attacks. Intelligent sniffing can help in gathering a good amount of information on the wireless network, the technology being used and the deployment.
Beacons are used to relay important information like weather conditions, navigation details, status reports etc. Beacon frames in an IEEE 802.11 WLAN contain important details like the SSID, type of network, encryption details, supported data rates, manufacturer of the AP etc. They are transmitted periodically to make the presence of the WLAN known.
Tools like Kismet, NetStumbler and Wireshark can assist in reconnaissance. With the help of these tools, details like the SSID, type of encryption & authentication, access point MAC address along with approximate location, signal strength, channels being used etc. can be obtained.
The information obtained in this phase is what dictates the further course of wireless security testing.
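The beacon fields described above can be checked on your own access points. The following is an added example, not part of the original article: a Python parser that reads the SSID, channel and security elements from a beacon frame and flags networks that advertise no encryption or WEP. The frames are constructed samples, and all function names are assumptions of this example.

```python
import struct

PRIVACY_BIT = 0x0010                      # capability bit: encryption required
WPA_OUI_TYPE = bytes.fromhex("0050f201")  # vendor element that marks WPA


def parse_beacon(frame: bytes) -> dict:
    """Parse an 802.11 beacon given from the MAC header on (no radiotap, no FCS)."""
    if len(frame) < 36:
        raise ValueError("too short for a beacon frame")
    frame_control = struct.unpack_from("<H", frame, 0)[0]
    if (frame_control >> 2) & 0x3 != 0 or (frame_control >> 4) & 0xF != 8:
        raise ValueError("not a beacon frame")
    # Fixed fields after the 24-byte header: timestamp(8) interval(2) capability(2)
    capability = struct.unpack_from("<H", frame, 34)[0]
    info = {"bssid": frame[16:22].hex(":"), "ssid": None, "channel": None,
            "privacy": bool(capability & PRIVACY_BIT),
            "rsn": False, "wpa": False, "truncated": False}
    pos = 36
    while pos + 2 <= len(frame):           # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            info["truncated"] = True       # cut-off element: stop, do not guess
            break
        if tag == 0 and length and any(body):
            info["ssid"] = body.decode("utf-8", "replace")  # else hidden SSID
        elif tag == 3 and length == 1:
            info["channel"] = body[0]
        elif tag == 48:
            info["rsn"] = True             # RSN element: 802.11i / WPA2
        elif tag == 221 and body[:4] == WPA_OUI_TYPE:
            info["wpa"] = True
        pos += 2 + length
    return info


def classify(info: dict) -> str:
    """Name the advertised protection; cipher and key management are not decoded."""
    if info["truncated"]:
        return "UNKNOWN"
    if info["rsn"] and info["wpa"]:
        return "WPA/WPA2"
    if info["rsn"]:
        return "WPA2"
    if info["wpa"]:
        return "WPA"
    return "WEP" if info["privacy"] else "OPEN"


def audit(frames) -> list:
    """Return (bssid, ssid, protection) for every beacon advertising OPEN or WEP."""
    findings = []
    for frame in frames:
        info = parse_beacon(frame)
        protection = classify(info)
        if protection in ("OPEN", "WEP"):
            findings.append((info["bssid"], info["ssid"], protection))
    return findings


def build_beacon(bssid: bytes, ssid: bytes, capability: int, channel: int,
                 extra: bytes = b"") -> bytes:
    """Build a constructed beacon for the samples below (not a capture)."""
    header = (struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + bssid + bssid
              + b"\x00\x00")
    fixed = struct.pack("<QHH", 0, 100, capability)
    elements = bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel]) + extra
    return header + fixed + elements


# Constructed security elements: RSN (CCMP, PSK) and WPA (TKIP, PSK)
RSN_IE = bytes([48, 20]) + bytes.fromhex("0100000fac040100000fac040100000fac020000")
WPA_IE = bytes([221, 22]) + bytes.fromhex(
    "0050f20101000050f20201000050f20201000050f202")

# Constructed sample beacons with locally administered BSSIDs
SAMPLE_BEACONS = [
    build_beacon(bytes.fromhex("020000000001"), b"HomeAP", 0x0011, 6),
    build_beacon(bytes.fromhex("020000000002"), b"Corp", 0x0011, 11, RSN_IE),
    build_beacon(bytes.fromhex("020000000003"), b"\x00" * 5, 0x0001, 1),
    build_beacon(bytes.fromhex("020000000004"), b"Mixed", 0x0011, 1,
                 RSN_IE + WPA_IE),
]

if __name__ == "__main__":
    for bssid, ssid, protection in audit(SAMPLE_BEACONS):
        print(f"{bssid}  {ssid or '<hidden>'}  {protection}")
```

A privacy bit with neither an RSN nor a WPA element is reported as WEP, and a frame whose element list is cut short is reported as UNKNOWN instead of being misread as WEP.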
Exploiting the Authentication Protocol:
Due to the inherent nature of Wi-Fi networks, i.e. no wires and theoretically no boundaries, security has always been a prime concern. Authentication, encryption and authorization are a must in a Wi-Fi setup. In an 802.1X network, EAP gives RADIUS the capability to work with a variety of authentication schemes like Kerberos, PKI, smart cards etc.
In typical and common implementations of EAP like TLS, MD5 and MSCHAPv2 (used in most Windows clients), the user ID / login ID (Active Directory / domain) is sent in clear text during the handshake.
Figure 1: LEAP Handshake [1]
Compromise of the login ID can further lead to brute-force attempts against the password, leading to unauthorized access. In Figure 1 it can be seen that the user / login ID is displayed in clear text. Wireshark is used to sniff the EAP-LEAP packets.
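The clear-text login ID described above can be looked for in captures from your own 802.1X network. The following is an added example, not part of the original article: a Python parser that pulls the identity out of EAP-Response/Identity frames and reports those that expose a real user name. It assumes a tunneled method such as the EAP-TTLS mentioned earlier, where the supplicant can be configured to send an anonymous outer identity; the frames, identities and function names are constructed for this example.

```python
import struct

EAPOL_EAP_PACKET = 0      # EAPOL packet type that carries an EAP message
EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_IDENTITY = 1


def extract_identity(eapol: bytes):
    """Return the identity from an EAPOL frame holding EAP-Response/Identity.

    `eapol` starts at the EAPOL header (the payload of EtherType 0x888E).
    Returns None for any other frame and for truncated or inconsistent ones.
    """
    if len(eapol) < 4:
        return None
    _version, packet_type, body_len = struct.unpack_from("!BBH", eapol, 0)
    if packet_type != EAPOL_EAP_PACKET or body_len < 5:
        return None
    if len(eapol) < 4 + body_len:
        return None                        # frame was cut short
    code, _eap_id, eap_len = struct.unpack_from("!BBH", eapol, 4)
    if code != EAP_RESPONSE or eap_len < 5 or eap_len > body_len:
        return None
    if eapol[8] != EAP_TYPE_IDENTITY:
        return None
    return eapol[9:4 + eap_len].decode("utf-8", "replace")


def exposes_username(identity: str, anonymous=("", "anonymous")) -> bool:
    """True when the user part of the identity is not an anonymous placeholder.

    'user@realm' is split on the last '@'; a 'DOMAIN\\user' string has no
    realm part and is treated as a user name in full.
    """
    user = identity.rsplit("@", 1)[0] if "@" in identity else identity
    return user.lower() not in anonymous


def audit_identities(frames) -> list:
    """List, in capture order and without repeats, identities that leak a user."""
    exposed = []
    for frame in frames:
        identity = extract_identity(frame)
        if identity is not None and exposes_username(identity) \
                and identity not in exposed:
            exposed.append(identity)
    return exposed


def build_identity_response(identity: str, eap_id: int = 1) -> bytes:
    """Build a constructed EAPOL frame with an EAP-Response/Identity."""
    data = identity.encode()
    eap = struct.pack("!BBHB", EAP_RESPONSE, eap_id, 5 + len(data),
                      EAP_TYPE_IDENTITY) + data
    return struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(eap)) + eap


# Constructed sample frames (not taken from a real capture)
SAMPLE_FRAMES = [
    bytes.fromhex("01010000"),                          # EAPOL-Start
    struct.pack("!BBH", 1, EAPOL_EAP_PACKET, 5)
    + struct.pack("!BBHB", EAP_REQUEST, 7, 5, EAP_TYPE_IDENTITY),  # Request
    build_identity_response("CORP\\jsmith"),            # real login ID
    build_identity_response("anonymous@example.test"),  # anonymous outer ID
    build_identity_response("@example.test"),           # realm only
    build_identity_response("asharma@example.test"),    # real login ID
    build_identity_response("CORP\\jsmith", eap_id=2),  # repeat of the first
]

if __name__ == "__main__":
    for identity in audit_identities(SAMPLE_FRAMES):
        print("identity sent in clear text:", identity)
```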
Phase II: Attacks on Guest Wireless Networks
Organizations these days have an isolated wireless network for guests & visitors to access the internet. The 'Guest' network is supposed to be an isolated network with no connection / interface to the corporate network.
The following is common in a typical implementation of a 'Guest' wireless network:
- WEP
- WPA2 with pre-shared key (PSK)
- Internal IP address assigned to the guests
- The 'Guest' client is part of a 'Guest VLAN' hypothetically isolated from the corporate/enterprise network; in many cases it is not
- For accessing 'Internet' resources, login credentials (username & password) are required to be entered in the browser
- Pre-shared keys are common for all 'Guests' and are seldom changed
- Login credentials used for accessing the internet are common for all the 'Guests'
- Outsiders, contractors, vendors, guests, overseas / travelling employees etc. are given access through the same 'Guest' network
- 'Guest VLAN' is not isolated from the corporate VLAN
Consider a scenario where an attacker sitting in the organization's premises obtains an IP address on the 'Guest' network. Irrespective of whether he/she can access the internet, the assignment of one of the organization's internal IP addresses to the attacker's machine is a major threat.
Figure 2: Scan for 10.100.1.1 to 10.100.1.100 range showing two hosts are up
The attacker can use tools like 'Angry IP Scan' to scan the entire range of IP addresses to find out which hosts are 'UP'. Once a host is identified, traditional VA&PT tools like Nessus, nmap, Metasploit etc. could be used to identify and exploit the vulnerabilities.
Phase III: Implementation specific Attacks
Attack on WEP:
Attack Scenario 1: Cracking WEP Key Using airmon-ng
Boot your favorite Linux distribution and open a command console. Make sure you have the following tools installed:
1. Aircrack-ng: Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.
2. Macchanger: A GNU/Linux utility for viewing/manipulating the MAC address of network interfaces.
Part A: Setting up your Machine
1. Let's start by setting up your machine with the required software and libraries. You can install the above-mentioned software from your Linux distributor's online repositories.
2. For Debian-based Linux distributions (e.g. Debian, Ubuntu, Linux Mint etc.):
    sudo apt-get install aircrack-ng
    sudo apt-get install macchanger
For Red Hat-based Linux distributions (e.g. RHEL, CentOS, Fedora, openSUSE):
    yum install aircrack-ng
    yum install macchanger
3. This command will list the current network adaptors in your system in detail; see what name has been assigned to your Wi-Fi adaptor, e.g. wlan0, wlan1 etc.
    ifconfig
4. This command will stop the card and disable broadcast and reception, as the system won't allow you to change the MAC address when the card is in use:
    airmon-ng stop [Wi-Fi card name]
5. The Macchanger utility will change the original MAC address to any MAC address you desire.
    macchanger --mac [Desired MAC address] [Wi-Fi card name]
6. This command will activate the wireless network adaptor for broadcast and reception. In some Linux distributions you may also witness the following error, as shown in the snapshot below:
    airmon-ng start wlan0
10. Issue17 – June2011 | Page-10
Figure 3: (step 6) Starting airmon-ng
7. If you see this error on your console, don't lose heart; it just means that a few services are already using your wireless adaptor or its associated files. You will also see the process names and PIDs. You can stop those processes using the following command:
    kill [PID]
8. You will see an extra adaptor set to monitor mode with the name mon0; use that adaptor in further commands wherever '[Wi-Fi card name]' appears.
Part B: Start Capturing Data Packets
1. This command will initialize Wi-Fi network monitoring and will show the wireless networks in range, along with the encryption cipher being used, such as WEP, WPA or WPA2, and more.
    airmon-ng start [Wi-Fi card name]
2. As you execute the following command, you will see a certain number of beacons and data packets that will be stored in the filename you have given. The file will be stored in the root of the system drive (click on Computer and you will see the file). The file will be present in two formats: *.cap, *.txt.
    airodump-ng -c [Channel Number] -w [Desired filename for later decryption] --bssid [BSSID] [Wi-Fi card name]
Part C: Speed up the Data Packet Capturing Process
Open a new console after the first data packet has been stored. Type the command in the new console and execute it.
    aireplay-ng -1 0 -a [BSSID] -h [FAKED MAC ADDRESS] -e [Wi-Fi name] [Wi-Fi card name]
As you type this command you will see that the number of data packets required for breaking the key increases dramatically, thereby saving you a lot of time.
Part D: Cracking/brute forcing WEP Key
Open another console once you have around 20,000 data packets and type the following command to reveal the WEP key.
    aircrack-ng -n 64 -b [BSSID] [Filename without the extension]
Figure 4: Aircrack-ng in action
Figure 5: Brute force attack completed. Key decrypted.
It is not necessary that the key should have exactly the same number of digits as shown above, so please don't freak out if you see a 10 digit or 14 digit key.
Also, if the decryption fails, you can change the bit level of the decryption in the command:
    aircrack-ng -n [BIT LEVEL] -b [BSSID] [Filename without extension]
Remember, the bit level should be a number of the form 2^n where n = 1,2,3,4…
Rogue Access Points
A Rogue Access Point is a wireless access point that has been illegally installed within range of a secure wireless network without the consent of the administrator of that wireless network. The sole purpose behind creating a Rogue Access Point is to capture the secret key used by the clients to authenticate themselves to the legitimate wireless access point. Attackers exploit this loophole and set up their own access point with the same SSID to fool the clients, so that instead of connecting to the legitimate access point they connect to the fake access point created by the attacker. Once the attacker gains access to the secured wireless network he may also use sniffing and man-in-the-middle attacks to capture the juicy information travelling throughout the network, like login credentials, credit card details and other important information.
Airsnarf [1]
It is a simple rogue wireless access point setup utility which can be found in BackTrack, a popular security distribution for penetration testers. Airsnarf is specially designed to demonstrate how a rogue access point can actually steal usernames and passwords from publicly available hotspots. It exploits the vulnerability in 802.11b hotspots by confusing the users with DNS and HTTP redirects from a competing legitimate wireless access point.
Airsnarf is very user friendly. It contains a configuration file, ./cfg/airsnarf.cfg, in which details like local network, gateway & SSID can be configured. The clients associated with the fake / rogue AP will receive the IP, DNS and gateway details from the rogue AP. Also, it is possible to configure the Airsnarf 'splash page' as a dummy login page and capture the login credentials of the users. These details would be mailed to root@localhost.
A rogue AP is in a way a social engineering attack, wherein the attacker exploits the human tendency of 'trust'.
Other tools available for creating rogue access points are freeradius WPE, karmetasploit, a module in Metasploit (which is a combination of the famous tool called karma), Hotspotter, Fake AP, VOID11 and wifitap.
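A rogue AP of the kind described above gives itself away in a site survey, because it advertises a protected SSID from a BSSID, channel or security mode that the administrator never deployed. The following Python check is an added example, not part of the original article; the SSID, BSSIDs, inventory layout and function names are constructed for illustration.

```python
"""Flag rogue-AP candidates in Wi-Fi scan results (constructed sample data)."""
from dataclasses import dataclass

# Higher number = stronger protection; used to spot security downgrades.
SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2-PSK": 3, "WPA2-ENT": 4}


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # MAC address advertised by the access point
    channel: int
    security: str   # one of the SECURITY_RANK keys


def norm_mac(mac):
    """Normalise MAC notation so 00-1A-.. and 00:1a:.. compare equal."""
    return mac.replace("-", ":").lower()


def find_rogue_candidates(beacons, inventory):
    """Return sorted (bssid, ssid, reason) findings for protected SSIDs.

    inventory maps each protected SSID to {bssid: (channel, security)},
    i.e. what the administrator actually deployed.
    """
    findings = set()
    for b in beacons:
        deployed = inventory.get(b.ssid)
        if deployed is None:
            continue  # a neighbour's network, out of scope for this check
        known = {norm_mac(k): v for k, v in deployed.items()}
        mac = norm_mac(b.bssid)
        if mac not in known:
            # Same SSID from hardware we never installed.
            findings.add((mac, b.ssid, "unknown-bssid"))
            continue
        exp_channel, exp_security = known[mac]
        # A known BSSID with wrong attributes suggests a cloned MAC address.
        if SECURITY_RANK.get(b.security, -1) < SECURITY_RANK[exp_security]:
            findings.add((mac, b.ssid, "security-downgrade"))
        if b.channel != exp_channel:
            findings.add((mac, b.ssid, "channel-mismatch"))
    return sorted(findings)


# Constructed inventory and survey results.
INVENTORY = {
    "CorpNet": {
        "00:11:22:33:44:01": (1, "WPA2-ENT"),
        "00:11:22:33:44:02": (6, "WPA2-ENT"),
    }
}
SCAN = [
    Beacon("CorpNet", "00:11:22:33:44:01", 1, "WPA2-ENT"),   # legitimate
    Beacon("CorpNet", "00-11-22-33-44-02", 6, "WPA2-ENT"),   # legitimate
    Beacon("CorpNet", "02:aa:bb:cc:dd:ee", 11, "OPEN"),      # unknown radio
    Beacon("CorpNet", "00:11:22:33:44:01", 11, "OPEN"),      # cloned BSSID
    Beacon("CoffeeShop", "0a:0b:0c:0d:0e:0f", 3, "OPEN"),    # neighbour
]

if __name__ == "__main__":
    for bssid, ssid, reason in find_rogue_candidates(SCAN, INVENTORY):
        print(f"{ssid:10} {bssid}  {reason}")
```

An unknown BSSID can also be a newly installed legitimate AP, so each finding is a prompt to update the inventory or to locate the radio.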
hole196 [2]
Please note this vulnerability was identified and presented by Md Sohail Ahmad from AirTight Networks at BlackHat 2010.
Background:
Man-in-the-Middle attack, popularly known as MITM, is very common in wired networks. But now it's very much possible in WPA2 networks as well.
WPA2 uses two encryption keys:
• Pairwise key (PTK)
• Group key (GTK)
GTK – The GTK is broadcast by the Access Point (AP) to all the clients and remains common for all the clients.
PTK – It is unique to each client and is used to protect unicast data frames. It changes with each session.
As per the IEEE 802.11 standard, the PTK has an inherent capability whereby it can detect MAC address spoofing and data forgery. The GTK has not been designed with this feature. These details are mentioned on page 196 of the IEEE 802.11 standard and hence the vulnerability was named 'Hole196'. Once again a flaw in the inherent design of the protocol has been used to exploit this vulnerability.
'hole196' does not lead to cracking of WPA2 keys or discovering the passwords. It is a threat from a malicious insider who can act as a legitimate Access Point and affect the other clients, i.e. a Man-in-the-Middle attack.
Attack:
The Access Point (AP) shares the same GTK with all the connected clients. So the GTK is known and is common to all connected clients. The GTK is used as an encryption key by the AP and as a decryption key by the client.
The log of the wpa_supplicant software running on wireless clients shows that the GTK is known to the client devices.
• The attacker injects a fake ARP Request packet to poison the client's cache entry for the gateway. For the victim, the attacker's machine becomes the gateway.
• The victim sends all traffic encrypted with its PTK to the AP, with the attacker as the destination (gateway).
• The AP forwards the victim's data to the attacker, encrypting it with the attacker's PTK. So the attacker can decrypt the victim's private data.
Spoofed ARP packets are never sent to the AP and never go over the wire, and hence cannot be detected by wired IDS/IPS.
Figure 6: Three connected Clients
Figure 7
Figure 8
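Because the spoofed ARP packets never reach the wire, the place to notice hole196-style gateway poisoning is the client's own ARP cache. The Python code below is an added example, not from the original article or from any tool it names: it compares two snapshots in Linux /proc/net/arp format (constructed sample data reusing the 10.100.1.x range from Figure 2) and reports a gateway MAC change or a gateway MAC shared with another host.

```python
"""Detect gateway ARP poisoning from two ARP-cache snapshots (constructed data)."""

ATF_COM = 0x02  # Linux ARP flag: entry is complete (MAC address resolved)


def parse_proc_net_arp(text):
    """Parse /proc/net/arp content into {ip: mac}, skipping incomplete entries."""
    table = {}
    for line in text.strip().splitlines()[1:]:   # first line is the header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw_type, flags, mac = fields[:4]
        if int(flags, 16) & ATF_COM:
            table[ip] = mac.lower()
    return table


def check_gateway(previous, current, gateway_ip):
    """Return alert strings for the gateway entry between two snapshots."""
    alerts = []
    old_mac = previous.get(gateway_ip)
    new_mac = current.get(gateway_ip)
    if old_mac and new_mac and old_mac != new_mac:
        alerts.append(f"gateway {gateway_ip} moved from {old_mac} to {new_mac}")
    if new_mac:
        # A poisoning host usually also answers for its own IP address,
        # so the same MAC shows up twice in the cache.
        for ip in sorted(current):
            if ip != gateway_ip and current[ip] == new_mac:
                alerts.append(f"gateway MAC {new_mac} also claimed by {ip}")
    return alerts


# Constructed snapshots: before and after the cache entry for 10.100.1.1 changes.
BEFORE = """
IP address       HW type     Flags       HW address            Mask     Device
10.100.1.1       0x1         0x2         00:11:22:33:44:55     *        wlan0
10.100.1.23      0x1         0x2         02:AA:BB:CC:DD:EE     *        wlan0
10.100.1.40      0x1         0x0         00:00:00:00:00:00     *        wlan0
"""
AFTER = """
IP address       HW type     Flags       HW address            Mask     Device
10.100.1.1       0x1         0x2         02:aa:bb:cc:dd:ee     *        wlan0
10.100.1.23      0x1         0x2         02:aa:bb:cc:dd:ee     *        wlan0
"""

if __name__ == "__main__":
    before = parse_proc_net_arp(BEFORE)
    after = parse_proc_net_arp(AFTER)
    for alert in check_gateway(before, after, "10.100.1.1"):
        print("ALERT:", alert)
```

A legitimate gateway replacement also changes the MAC address, so an alert calls for verification against the known router hardware.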
Block ACK DoS [3]
All of us are familiar with the TCP sliding window flow control concept. Along similar lines, IEEE 802.11e and IEEE 802.11n are designed to acknowledge a block of packets instead of a sequential transmit/acknowledge. The AP sends the client an Add Block Acknowledgement (ADDBA) frame indicating the start of the transmission, window size, sequence numbers etc. Anything outside the window is dropped by the recipient. So here is the catch!
There is no security on the control frame, and hence the ADDBA frame can be impersonated and spoofed.
Ideal Scenario:
• The AP sends the ADDBA request to the client, identifying the window size, starting sequence number etc.
• The client responds with an ACK followed by an ADDBA response
• The AP sends an acknowledgement (ACK)
• The client starts receiving the frames defined in the ADDBA control frame and ignores all the frames that fall outside this range
• The AP sends a BlockACK Request frame to the client to learn the status of the received frames
• The client replies with a BlockACK if all the frames were received; alternatively the client can request a retransmission or selective transmission of lost packets
• The AP sends a delete block acknowledgement (DELBA) request to release the buffers of both AP and client.
Vulnerability in Block ACK Handling & DELBA frame:
• Since the control frames are not protected, a malicious user / attacker can spoof the ADDBA frame and tamper with the sequence details, causing the recipient (in this case the client) to drop some or all of the frames
• This would result in retransmission or can also lead to DoS
• Alternatively, malicious DELBA messages can be sent to prematurely free the sender and receiver buffers, causing disruption of service
Figure 9
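The effect of a tampered ADDBA can be reproduced on paper with a simplified model of the recipient, which follows the article's description (frames outside the advertised window are ignored) rather than the full 802.11 reordering rules. This Python example is added here and is not from the original article or the cited talk; the class, the function names and the max_gap threshold of the sensor heuristic are assumptions.

```python
"""Simplified Block ACK window model plus a sensor-side ADDBA sanity check."""

SEQ_MOD = 4096  # 802.11 sequence numbers are 12 bits wide and wrap around


def in_window(seq, start, size):
    """True when seq lies in [start, start + size) modulo the sequence space."""
    return (seq - start) % SEQ_MOD < size


class Recipient:
    """Receiving side of one Block ACK session (simplified, see lead-in)."""

    def __init__(self):
        self.window = None            # (start, size) from the last ADDBA
        self.accepted = []
        self.dropped = []

    def on_addba(self, start_seq, size):
        # The frame is not authenticated, so the most recent ADDBA wins,
        # whoever sent it.
        self.window = (start_seq % SEQ_MOD, size)

    def on_data(self, seq):
        if self.window and in_window(seq, *self.window):
            self.accepted.append(seq)
        else:
            self.dropped.append(seq)


def run_session(addba_frames, data_seqs):
    """Feed ADDBA frames, then data frames, to a fresh recipient."""
    recipient = Recipient()
    for start, size in addba_frames:
        recipient.on_addba(start, size)
    for seq in data_seqs:
        recipient.on_data(seq)
    return recipient


def suspicious_addba(last_data_seq, addba_start, max_gap=64):
    """Sensor heuristic (assumption): flag an ADDBA whose starting sequence
    number is far from the next sequence number expected from that sender."""
    expected = (last_data_seq + 1) % SEQ_MOD
    gap = (addba_start - expected) % SEQ_MOD
    return min(gap, SEQ_MOD - gap) > max_gap


# Constructed traffic: eight frames that wrap from 4095 back to 0.
FRAMES = [(4090 + i) % SEQ_MOD for i in range(8)]

if __name__ == "__main__":
    normal = run_session([(4090, 8)], FRAMES)
    tampered = run_session([(4090, 8), (2000, 8)], FRAMES)
    print("normal   accepted", len(normal.accepted), "dropped", len(normal.dropped))
    print("tampered accepted", len(tampered.accepted), "dropped", len(tampered.dropped))
    print("sensor flags second ADDBA:", suspicious_addba(4089, 2000))
```

The modulo arithmetic matters: a window that starts at 4090 legitimately contains sequence numbers 0 and 1, so a naive numeric comparison would raise false alarms at every wrap-around.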
References:
[1] http://airsnarf.shmoo.com/
[2] Md Sohail Ahmad from AirTight Networks, BlackHat 2010. http://www.airtightnetworks.com/WPA2-Hole196
[3] High Speed Risks in 802.11n Networks by Joshua Wright from Aruba Networks, presented at RSA Conference 2008.
Note: By the time of this writing, a very good tutorial series has been launched by Vivek Ramachandran on SecurityTube.net.
Vishal Kalro
Ishan Girdhar
Vishal is an Information Security Consultant specializing in Infrastructure & Network Security. He has also published articles on Cloud Computing Threat & Security, Measuring WAN Performance & Social Engineering. He loves playing badminton and reading fiction novels.
Ishan Girdhar works as an Information Security consultant. Ishan loves exploring different Linux distributions. He is currently working with AKS IT Services Pvt. Ltd, Noida.
Wi-Fi Tools
This section in itself may look incomplete; to get the full flavor, read Tech Gyan. There are many wireless testing tools in the wild for the different OS flavors, right from Windows and Unix to smartphone OSes. Unix based tools remain the most popular among them.
Unix
BackTrack, which is a Unix distribution for ethical vulnerability assessment & penetration testing (VA&PT), has an impressive collection of tools for reconnaissance, vulnerability assessment, cracking keys & passwords, penetration testing etc.
To name a few:
1. Kismet – Kismet is a powerful analyzer for analyzing the wireless traffic at a glance.
The following features are supported by Kismet:
• 802.11b, 802.11g, 802.11a, 802.11n sniffing
• Standard PCAP file logging (Wireshark, Tcpdump, etc.)
• Client/Server modular architecture
• SSID detection (including hidden SSIDs)
• Distributed remote sniffing with Kismet drones
• XML logging for integration with other tools
• Linux, OSX, Windows, and BSD support (devices and drivers permitting)
Fig 1: Kismet showing the Network List & Details [1]
2. Air Crack – It assists in cracking WEP & WPA-PSK and recovers the keys being used. It contains tools like Air Decap & Air Replay (802.11 packet injection utility), Airodump (used to capture 802.11 packets) etc., thus making it a suite containing tools and utilities for auditing of wireless networks.
3. Airsnort – It recovers encryption keys.
4. CowPatty – It is used to audit WPA-PSK keys.
5. FakeAP – Used to generate spoofed / counterfeit 802.11b access points.
6. Karma – KARMA once again is a popular suite of tools used for wireless auditing. It can discover the clients and the wireless networks as per client preference. Rogue APs can be created to capture client credentials or exploit the vulnerabilities on the client side.
7. Gerix WiFi Cracker – Once again a very good GUI based tool that comes pre-installed in BackTrack 4. It can be used for WEP & WPA cracking, to create fake APs etc.
Fig 2: Gerix, a GUI based security tool
There are lots more. For more details on BackTrack refer to http://www.backtrack-linux.org/
Windows
NetStumbler:
NetStumbler, also known as Network Stumbler, is an excellent Windows based tool for Wi-Fi reconnaissance.
Usage of NetStumbler:
• War-driving
• Identifying SSIDs
• Identifying rogue Access Points (AP)
• Assistance in determining the location of the APs
• Determining signal strength etc.
Fig 3: NetStumbler [2]
Wi-Fi Scanning using Smartphone
Classically, the following items were needed for War Driving:
• Laptop with Wi-Fi card
• GPS module for mapping the location of the Access Points
What you need today is only a smartphone! There are quite a few Wi-Fi scanning / War Driving applications for all breeds of smartphones. They not only detect the Wi-Fi network but also help in disclosing the SSIDs, type of encryption, channels and signal strength, and in mapping the position of the access points on maps, giving the approximate real time location of APs.
WiGLE Wifi Wardriving:
This is a FREE application available on Android Market and is good to have. It not only lists the Wi-Fi networks in range along with SSIDs but also discloses the encryption and authentication protocol being used. It also plots the approximate location of the Access Point on a map. Details like channel used, signal strength, latitude & longitude etc. are also captured.
Fig 1: WIGLE WiFi, Android based Utility [3]
The other commonly used tools for the Android platform are:
• Wardrive
• WiFi Buddy etc.
Then there is MiniStumbler, which is called the little brother of NetStumbler, for the Pocket PC (Windows) platform.
MiniStumbler helps in:
• Detecting SSIDs
• MAC address of the AP / wireless router
• Encryption type
• Channel & signal strength
• Plotting co-ordinates if a GPS device is attached / present on the handheld etc.
Similarly there are tools / utilities available for other mobile platforms as well.
Fig 5: MiniStumbler Windows Utility [4]
References:
[1] http://www.wirelessdefence.org/Contents/kismetMain.htm
[2] http://www.networkuptime.com
[3] http://www.androidapplicationspro.com/wigle_wifi-wigle_net-1_12-download.html
[4] http://flylib.com/books/en/1.323.1.17/1/
Vishal Kalro
Ishan Girdhar
Wireless Security – Best Practices
This article is about the different kinds of best practices that should be followed when using a Wireless LAN.
What is Wireless LAN
The Wireless LAN or WLAN is becoming a popular way to connect devices such as computers these days. In offices and homes, WLAN has become an alternative way of communication compared to wired LAN. The convenience of connecting different devices is both cost effective and easily maintainable.
The Wikipedia says: “Wireless LANs have become popular in the home due to ease of installation, and the increasing to offer wireless access to their customers; often for free.”
The other factors why WLANs are becoming more acceptable are:
1. No need to be connected physically with each other through any medium such as cables. You can roam around freely in office premises, home or around.
2. WLANs are cost effective. Cabling all the way through offices, hotels etc. is not needed. So it's cheap and provides the same quality of service.
3. WLAN signals can reach spots where a cable is hardly accessible, such as big installations like airports. Surfing outdoors is also convenient. Just install the devices called Access Points (AP) and you are done.
4. Less interruption and easy troubleshooting in case of failures as compared to cabled networks.
5. More secure, as most APs support the best encryption methods, which protect them from sniffing and other attacks.
Major issues with WLAN
Having said that, WLANs are as prone to various attacks as their wired LAN counterparts. Actually, WLANs are easier to hack than wired LANs if not properly configured, because they are easily accessible around the installation. There is no need to be in contact with physical wires to hack; it can be done from anywhere. This convenience can turn into a serious risk to the organization if the WLAN is not configured properly.
Major attacks include sniffing, key cracking, DoS (Denial of Service), deauthentication attacks, war driving etc.
As this paper is not focused on attacks, we shall mainly concentrate on best practices: how to install and use a WLAN securely, which can thwart a number of the above-mentioned attacks.
Secure WLAN
Wireless security mainly depends on these 3 factors:
• How well your wireless network is secured in terms of the encryption being used.
• Monitoring for suspicious and unusual activities.
• User awareness and education.
These are a combination of various approaches, ranging from corporate to home networks. They also tell users how to remain safe while surfing.
A typical wireless network
Wi-Fi at home
I believe using Wi-Fi at home is not a luxury anymore; it has become a necessity. However, when the question of security comes onto the scene, the first thought that arises in my mind is: how can you protect something which you can neither see nor feel?
Protecting a home wireless network is altogether a different side of the coin as compared to wired networks. Most wireless network device vendors and Internet Service Providers do not provide any security settings by default and leave the customer to fend for herself. So make sure your network is secured from being maliciously used.
There is no silver bullet that will protect your wireless network infrastructure. There are, however, some countermeasures, listed below, that should be used in conjunction with each other to secure your wireless network to the highest level:
1. Use most secure possible encryption:
The first and most necessary step: use industry standard encryption. The old (however generally used) WEP (Wired Equivalent Privacy) is known to be broken. Even if you use complex passwords, it can be broken and decrypted within minutes or hours. WEP uses 40 bit or 128 bit RC4 ciphers to encrypt the channel. Instead use secure protocols such as WPA2 (Wi-Fi Protected Access 2), which uses strong 128 bit AES ciphers and is typically considered the more robust encryption strategy available.
Attacks mitigated: WEP Key cracking, Sniffing, Capturing/Eavesdropping
2. Use Firewall:
All the wireless routers come with built-in firewalls. Enable them with all the security features. You should block any anonymous ping requests and place restrictions on website browsing, if required. Define additional security policies and apply them.
Attacks mitigated: Fingerprinting, System compromise
3. Have a monitoring system in place:
There's a saying: prevention is better than a cure. If you are able to detect suspicious activities before they penetrate your network, you can block them or take precautionary measures. Deploy WIPS/WIDS for monitoring suspicious activities.
Attacks mitigated: Scanning, DoS
4. Don't use default credentials:
Every wireless router comes with a set of default username/password. Sometimes people don't change them and keep using them for a long time. Usernames and passwords are used by computers or other devices to connect to the wireless router. If any hacker is able to guess them, he can connect to your network easily. Studies show that the majority of users use the same combination of username/password as set by the manufacturers. Some default username combinations are: admin/admin, admin/password or admin/" ".
Attacks mitigated: Unauthorized access, War driving
5. Disable Auto-connect feature:
Some devices or computers/laptops have 'Let this tool manage your wireless networks' or 'Connect automatically to available network'. Users having this auto-connect feature enabled are prone to a Phishing attack or Rogue AP attack. Attackers keep their APs alive and kicking for such unsuspecting users. They also use luring names such as 'HotSpot', 'SecureConnect', 'GovtNetworks' etc. The user will never suspect them and will keep surfing the wireless network happily. Also, if you have not changed the default password of your router, the attacker will try to use this feature on their machine and automatically connect using the easily guessable default passwords.
Attacks mitigated: Phishing, Sniffing, Rogue AP association
6. Don't use public Wi-Fi spots to surf sensitive websites:
Free and open wireless networks available at airports, cafes and railway stations are not very secure by nature. They do not use any encryption to secure the channel between your laptop and the router. So any information which is not by default going over HTTPS from your laptop/smartphone is susceptible to sniffing, and even more, your session could be hijacked because the unencrypted channel may leak the active session ID used by your website. Recently, to demonstrate these types of attacks, one researcher developed a tool, Firesheep [http://codebutler.github.com/firesheep/]. All the attacker needs to do is install this tool in Firefox and start sniffing the communications on a public unencrypted Wi-Fi. Some applications like Facebook encrypt the login page [HTTPS] but internal pages are served on an unencrypted [HTTP] channel, so your session ID can be leaked. I had blogged about this tool and its countering tool Blacksheep [Zscaler] here: http://nileshkumar83.blogspot.com/2010/11/firesheep-session-hijacking-tool.html.
Attacks mitigated: Sniffing, Session Hijacking
7. Change the default SSID:
Although this will not prevent hackers from breaking into a network, using a default SSID acts as an indication that the user is careless. So he may be an obvious target to explore further, to see if he still uses the default passwords as well.
Attacks mitigated: War driving
8. Restrict access by assigning static IP addresses and MAC filtering:
Disable the automatic IP assignment feature and assign private static IPs to the legitimate devices you want to connect. This will help you in blocking unwanted devices from connecting to your network. Also, enable MAC filtering: the router remembers the MAC of each and every device connected to it and saves it as a list. You can use this facility to restrict access, so that only a set of trusted devices is allowed to connect. MAC spoofing is still possible, but this raises the bar a little for your wireless network.
9. Turn off your router when not in use:
Last but not least, and a little obvious, but it will save your network from all attacks for that time period.
Wi-Fi in a Corporate/Enterprise Network
Due to the nature of activity and criticality of information, it is very important that Corporate / Enterprise networks have a higher degree of security.
The following are good to have:
• Defining adequate organization-wide Information Security policy & procedures for the wireless network
• SSIDs should not be associated with the organization, AP vendor or any other related information which would be easy to guess or associate with the current organization
• Enable WPA2 Enterprise encryption with RADIUS authentication and use of an EAP protocol like EAP-TTLS, TLS etc.
• Implementation of PKI infrastructure. CA signed certificates to authenticate the server to the client and vice versa
• Filtering of clients based on a unique identifier like MAC address
• Isolated 'Guest' wireless network with no interface / connection to the corporate network
• Limiting the radius of the Wi-Fi network by reducing the power output of the AP
• Allocating IP addresses to employee and guest machines only after successful authentication
• Periodically changing the keys & passwords
• Use of VPN while accessing corporate information from a public Wi-Fi network
• Client side utilities like DecaffeinatID can help in detecting changes in the ARP table and serve as a common man's IDS to protect against attacks like 'hole196' and DoS.
• Implementation of Wireless IDS. Wireless IDS is a new concept. The key features of Wireless IDS are:
    • Prevention against rogue APs
    • Detection & prevention against DoS attacks
    • Assistance in locating the approximate physical location of the attacker
    • Assistance in enforcing the organization's Information Security policy on wireless networks
    • Detection of use of scanning tools like Kismet & NetStumbler
    • Snort-Wireless & WIDZ are examples of open source Wireless IDS
Nilesh Kumar
Nilesh Kumar is working as a Senior Engineer-Security Analyst with Honeywell Technology Solutions Lab, Bangalore, India. He is mainly focused on Application Security, Network Security and Wireless Security. Apart from that he shows interest in Reverse Engineering.
His blog: http://nileshkumar83.blogspot.com/
Copyright and Cyberspace
Copyright in cyberspace primarily exists at two levels:
• Computer source code.
• Computer database.
Copyright
[This concept is explained using simple
fictional illustrations involving Revati, who
has created easyPDF, a computer program
for converting documents into PDF
(Portable Document Format)]
According to Section 14 of the Copyright
Act, "Copyright" means the exclusive right
to do (or authorize the doing of) any of the
following:-
1. To reproduce a computer
programme in any material form
including the storing of it in any
medium by electronic means,
Illustration 1
Revati has the exclusive right to
reproduce the easyPDF program on
CD, DVD and other storage media.
Illustration 2
Revati has the exclusive right to
upload the easyPDF program onto
her website.
2. To issue copies of the computer
programme to the public.
Illustration 1
Revati has the exclusive right to
provide the easyPDF program along
with computer magazines so that the
general public can use the software.
Illustration 2
Revati has the exclusive right to
upload the easyPDF program onto
her website so that people around
the world can download it.
3. To perform the computer
programme in public, or
communicate it to the public.
Illustration 1
Revati has the exclusive right to give
a public demonstration of the
workings of the easyPDF program.
4. To make any cinematograph film or
sound recording in respect of the
computer programme.
Illustration 1
Revati has the exclusive right to
make a promotional film depicting
the working of the easyPDF
program.
Illustration 2
Revati has the exclusive right to
make a promotional sound recording
depicting the working of the
easyPDF program.
5. To make any translation of the
computer programme
Illustration
Currently the easyPDF program has
all the menu commands and help
files in English. Revati has the
exclusive right to make a version of
the easyPDF program that has the
menu commands and help files in
Hindi.
6. To make any adaptation of the work.
7. To do, in relation to a translation or
an adaptation of the computer
programme, any of the acts specified
above.
8. To sell, give on hire, offer for sale, or
offer for hire, any copy of the
computer programme.
Illustration 1
Revati has the exclusive right to offer
the easyPDF program for sale.
Illustration 2
Revati has the exclusive right to act
as an Application Service Provider
for the easyPDF program e.g. a user
will be charged a small fee for every
document that he converts to PDF
using the easyPDF program.
Term of Copyright
Illustration 1
Ketaki creates a computer program
in 2008. She dies on 12th March,
2010. The copyright in the computer
program will subsist for 60 years
from 1st January 2011.
Illustration 2
Ketaki and Rajan together create a
computer program in 2008. Ketaki
dies on 12th March, 2010 while
Rajan dies on 13th July, 2014. The
copyright in the computer program
will subsist till 60 years from 1st
January 2015.
Copyright Infringement
The copyright in a computer program is
deemed to be infringed when any person
without a license or in contravention of the
conditions of a license:-
• Does anything, the exclusive right of
which is conferred upon the owner
of the copyright by the Copyright
Act, or
• Commercially permits any place to
be used for the communication of
infringing work to the public.
The following are also deemed to be
infringement:-
• Distributing, selling or hiring out
infringing copies,
• Exhibiting infringing copies in
public,
• Importing infringing copies into
India.
There are several acts that are not deemed
to be infringement of copyright.
These are explained using the following
simple illustrations given below. In these
illustrations, I have used the fictional
illustration of Revati who has created the
easyPDF software. Sameer has purchased a
CD containing the easyPDF software.
Illustration 1
Sameer can make a backup copy of
the easyPDF software on another CD
so that in case the original CD gets
damaged, he can reinstall from the
CD ROM.
Punishment for copyright
infringement
Knowingly using the infringing copy of a
computer program on a computer is
punishable with:-
• Imprisonment for a term between 7
days and 3 years and
• Fine between Rs. 1 lakh and Rs. 2
lakh.
In case the infringement has not been made
for commercial gain, the Court may impose
no imprisonment and may impose a fine up
to Rs 50,000.
The offence can be tried by a magistrate not
below the rank of a Metropolitan Magistrate
or a Judicial Magistrate First Class.
In case of offences by companies, persons in
charge of the company are also liable unless
they prove that the offence was committed:-
• Without their knowledge or
• Despite their due diligence to
prevent it.
Understanding Computer Software
According to Section 2(ffc) of the Copyright
Act, a computer program is a “set of
instructions expressed in words, codes,
schemes or in any other form, including a
machine readable medium, capable of
causing a computer to perform a particular
task or achieve particular results”.
The essential elements of a
computer program are:-
It is a set of instructions expressed in:-
• Words,
• Codes,
• Schemes or
• In any other form, including a
machine readable medium.
Which is capable of causing a computer to:-
• Perform a particular task or
• Achieve a particular result.
Computer software is “computer program”
within the meaning of the Copyright Act.
Computer programs are included in the
definition of literary work under the
Copyright Act.
Computer Database & Law
According to Section 43 of the Information
Technology Act (IT Act), a "Computer data
base" means,
a representation of information, knowledge,
facts, concepts or instructions in text,
image, audio, video that are being prepared
or have been prepared in a formalized
manner or have been produced by a
computer, computer system or computer
network and are intended for use in a
computer, computer system or computer
network.
Essential elements of “computer database”:-
A. Computer database is a representation of
• Information,
• Knowledge,
• Facts,
• Concepts or
• Instructions
B. This representation can be in
• Text,
• Image,
• Audio,
• Video
C. This representation must be such as
• Being prepared in a formalized manner or
• has been prepared in a formalized manner or
• has been produced by a computer, computer system or computer network
D. Computer database is intended for use in a computer, computer system or computer network.
Illustration 1
Sameer has prepared an online
database of all Hindi movies. This
database is searchable by movie
name, director name, lead actor etc.
Illustration 2
The Noodle Ltd website contains
several password protected web-
pages. The usernames and
passwords of all authorized users are
contained in a Microsoft Access
database.
Illustration 3
Noodle Telecom Services Ltd creates
a CD ROM containing the names
and phone numbers of all their
subscribers.
Illustration 4
Noodle School has an automated
system for student administration.
This system is powered by a
database that contains detailed
student information.
One table of this database is titled
“basic_info” and contains the
following categories of information:-
Roll no. | Name | Address | Phone | Email
Another table is titled
“student_marks” and contains the
following categories of information:-
Roll no. | Test 1 | Test 2 | Test 3 | Final
When a student's report card is to be
prepared, the system automatically takes
the marks from the “student_marks” table
and the name and contact information from
the “basic_info” table. It then collates the
information and prepares the final report
card.
Illustration 5
Noodle Law Firm has prepared a
computerized database of all their
client companies along with the
relevant contact persons.
An interesting element of computer
databases is that copyright can exist at two
levels.
• Firstly, the information contained in
the database may be the subject of
copyright.
E.g. a list of computer
vulnerabilities and the relevant
security measures.
• Secondly, the actual representation
of this information may be the
subject of copyright protection.
E.g. the above mentioned
information in a searchable online
database.
Diljeet Titus case
Diljeet Titus vs Alfred A.
Adebare and Ors.
130 (2006) DLT 330, 2006 (32)
PTC 609 (Del)
This case involved two counter suits filed by
a group of legal professionals. Diljeet Titus
(the plaintiff) is the proprietor of Titus and
Co.
His colleagues Alfred Adebare, Seema
Jhingan, Alishan Naqvee and Dimpy
Mohanty (hereinafter referred to as
defendants) had left Titus and Co.
While leaving Titus and Co, the defendants
had taken with them computer data (from
the computers of Titus and Co) relating to:-
1. Proprietary drafts of precedents,
agreements, forms, presentation,
petitions, confidential documents,
legal opinions, legal action plans,
and
2. Computerized database containing
client information, proprietary client
list, proprietary potential client list
and other related information.
Titus claimed to have copyright over the
above. The defendants claimed to be the
owners of the copyright in what they had
created. It was their contention that the
creation was independent and was created
by advising and counseling the clients.
The defendants sought a decree of
declaration that they were the owners of the
copyright in what they had created and
sought a permanent injunction against Mr.
Titus and his firm from using and parting
with the same.
The question was whether any of the parties
had an exclusive right in what they had
created or whether it was a joint right.
Conclusion
The Court held that Titus and Co. was a sole
proprietorship concern and not a
partnership. It held that the defendants did
not have a right over the subject matter of
the suit.
Sagar Rahukar
sr@asianlaws.org
Sagar Rahukar, a Law graduate, is
Head (Maharashtra) at Asian
School of Cyber Laws. Sagar
specializes in Cyber Law,
Intellectual Property Law and
Corporate Law. Sagar also teaches
law at numerous educational
institutes and has also trained
officials from various law
enforcement agencies.
Forensics with
Matriux - Part 2
Hi readers,
In Part I of the article on Forensics with
Matriux, we highlighted the forensic
acquisition techniques using the Matriux
distribution. In this second part, we will
cover the tools that focus on analysis
techniques.
Forensic analysis techniques can be used to
discover deleted files, cloaked files,
encrypted files, fragmented files, PDF,
browser, virtualisation, memory etc.
Vinetto:
This is a basic introduction; more
advanced details can be found in the
official vinetto documentation.
Vinetto can be found under
Arsenal > Digital Forensics > Analysis > vinetto
Windows systems store images in Jpeg,
Jpg, png, Gif etc. image file formats, and
html, as thumbnails. Windows creates
thumbs.db files to store these entries to
minimize the CPU usage needed to process
the images. A Thumbs.db file stores image
previews as an Alternate Data Stream in the
file system; the file size depends on the
number of images stored in the folder. We
can enable / disable the thumbnail caching
feature from Folder Options in Windows
Explorer. Thumbs.db files are created every
time a file is added to the folder.
Even if a folder or its files are encrypted by
Microsoft EFS, an image preview will be
available in thumbs.db and hence these can
be analysed.
Figure 2
Vinetto works in three modes:
• Elementary mode
It extracts thumbnail information from a
thumbs.db file.
• Directory mode
It reports the thumbnails that are not
associated with a file in the directory.
• File System mode
It checks for the data in the whole file
system (FAT/NTFS).
How vinetto can be useful for a
forensics expert:
While carrying out an investigation,
the forensics expert can quickly
review all the images in a browser
and can proceed further easily.
Investigations into Thumbs.db files are
mostly used in child pornography cases.
Installation in Ubuntu:
Through Synaptic, or from a terminal:
sudo apt-get install vinetto
Prerequisites: Python, Python Imaging
Library
Usage:
vinetto <path of thumbs.db>
vinetto --version : shows the version number of vinetto
vinetto -h, --help : show the help message and exit
vinetto -o DIR <path to the thumbs.db> : write thumbnails to DIR
vinetto -H : write html report to DIR
Examples:
vinetto /home/matriux/Desktop/Thumbs.db
vinetto -o /home/matriux/Desktop/vinetto_output /home/matriux/thumbs.db
vinetto -H -o /home/matriux/html /home/matriux/thumbs.db
Fig. 3 shows the generated report. It
consists of:
• Report date - the date the report was
generated
• File metadata of the thumbs.db file, such
as directory, modification time and file size
• Root Entry modified timestamp - this is
the time stamp at which the thumbs.db file
was modified
• Thumbnail previews with time stamps
Figure 2
Figure 3
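The Root Entry modified timestamp shown in the report can be cross-checked independently of vinetto. The Python code below is an added example, not part of the original article or of vinetto's own code; it assumes the Thumbs.db file on disk is an OLE2 compound file (offsets as documented in Microsoft's MS-CFB specification), and the function names and the sample built by build_sample() are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # OLE2 compound file signature
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def root_entry_modified(data):
    """Return the Root Entry 'modified' time of a Thumbs.db image, or None if unset."""
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        raise ValueError("not a compound file: bad signature")
    sector_shift, = struct.unpack_from("<H", data, 0x1E)
    first_dir_sector, = struct.unpack_from("<I", data, 0x30)
    # Sector n starts at (n + 1) * sector_size; the header fills the first slot.
    entry = (first_dir_sector + 1) << sector_shift
    if entry + 128 > len(data):
        raise ValueError("directory sector lies outside the file (truncated?)")
    name_len, obj_type = struct.unpack_from("<HB", data, entry + 0x40)
    name = data[entry:entry + max(name_len - 2, 0)].decode("utf-16-le", "replace")
    if obj_type != 5 or name != "Root Entry":
        raise ValueError("first directory entry is not the Root Entry")
    modified, = struct.unpack_from("<Q", data, entry + 0x6C)
    return filetime_to_datetime(modified) if modified else None


def build_sample(modified):
    """Constructed test input: header plus one directory sector, no thumbnails."""
    ticks = (modified - FILETIME_EPOCH) // timedelta(microseconds=1) * 10
    header = bytearray(512)
    header[:8] = CFB_MAGIC
    struct.pack_into("<H", header, 0x1E, 9)      # sector size 2**9 = 512 bytes
    struct.pack_into("<I", header, 0x30, 0)      # directory starts in sector 0
    entry = bytearray(512)
    raw_name = "Root Entry".encode("utf-16-le")
    entry[:len(raw_name)] = raw_name
    struct.pack_into("<HB", entry, 0x40, len(raw_name) + 2, 5)   # 5 = root storage
    struct.pack_into("<Q", entry, 0x6C, ticks)
    return bytes(header + entry)


if __name__ == "__main__":
    sample = build_sample(datetime(2011, 6, 1, 12, 30, tzinfo=timezone.utc))
    print("Root Entry modified:", root_entry_modified(sample).isoformat())
```

On real evidence, read the bytes from a working copy of the Thumbs.db file and compare the result with the value in the vinetto HTML report.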
Other Analysis tools will be covered in next
issue.
References
http://vinetto.sourceforge.net/
For more details, please check
http://vinetto.sourceforge.net/docs.html
For any further details/queries, mail
pardhu19872007@gmail.com .
TEAM MATRIUX
http://www.matriux.com/
follow @matriux on twitter.