Ethical Hacking vijaykumar Devireddy

Hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 88 today we're going to discuss about Physical security.Physical security is really important to your organization's network security.After all, if an attacker is able to touch your network,your server, or your work stations,they can take control over those devices and do whatever they want with them.While we've been talking a lot in this course about all of the logical protections you can put in place,things like firewalls and intrusion detection systems,router ACLs, passwords, encryption,and all sorts of things like that,our physical security is just as important.Now, physical security is usually broken down into three main areas.We have the perimeter,we have the building,and then we have the room itself.So when I start talking about the perimeter,I'm talking about, as I approach your building, what is in my way?Are there fences?Are there guards?Is there some sort of vehicle access point?All of those type of things, that's our perimeter.What keeps us at bay and away from the building? Next, we get to the building security. Is the front door unlocked? Can I walk right in? Do I have to show my ID? Do I have to check in with somebody? What are the different controls you're putting in place to secure that building?And then finally we have the security of the room where your equipment is located.Now, if this is an office, this is going to be someplace that people actually work, and so people have to be able to get in there to access those terminals.How are you keeping unauthorized people out of those offices?And if you're dealing with a server room or a networking closet, those are places that people don't normally work inside of.And so when nobody's in there, we should be locking those using some sort of locking mechanism,whether that's a door lock, an electronic lock,or some other mechanism.Now, we'll talk about that all inside this section of the episode.

Hello everyone welcome to the show "Ethical Hacking" episode 87 today we are going to discuss about We just spent a lot of time talking about wireless networks, but there are other wireless networks out there besides Wi-Fi.These include things like Bluetooth,RFID, Near Field Communication, cellular,GPS, and satellite communications.Previously, we've talked about some vulnerabilities with Bluetooth.I want to remind you of two big terms when it comes to Bluetooth.This is bluejacking and bluesnarfing.I'm covering these again because I guarantee you're going to get at least one question on test day about either bluejacking or bluesnarfing really loves to ask that for some reason.Bluejacking is the sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and tablets.Bluesnarfing, on the other hand,is the unauthorized access of information from a wireless device through a Bluetooth connection.So, to simplify this for the I want you to remember this.Bluejacking sends information to a device where Bluesnarfing takes information from a device.If you remember those two things,you'll do great on the exam.Also, when it comes to Bluetooth,remember you don't want to allow your device to use the default PIN for its pairing operations You should always change the PIN to something more secure than 1234 or 0000.Next, we have Radio Frequency Identification or RFID.RFID devices have an embedded radio frequency signal that's used to transmit identifying information about the device or the token to a reader that's trying to pick it up.RFID refers to a large category of devices and technologies,but, for the exam, the specifics of RFID are not that important.Instead, you need to focus on the fact that RFID devices can send information from a card to a reader to provide authentication or identification.For example, one of the most common devices that we use RFID for is a card that looks like a credit card,and can be used as part of your alarm system or door access system.So, with these cards, you can swipe your card over the reader, and it identifies you and allows you to enter the building.Because there are so many different types of RFID devices, RFID can operatein either very close environments or very far environments.It can be as close as 10 centimeters from the reader or as high as 200 meters from the reader depending on the particular device and technology in use.Because of that large distance,RFID is subject to eavesdropping,the ability to capture, replay, and rebroadcast its radio frequency as part of a larger attack.To minimize the ability to eavesdrop on RFID, an idea called Near Field Communication was invented.Near Field Communication or NFC allows two devices to transmits information when they're in close proximity to each other.This occurs using an automated pairing process and transmission process of that data.For example, some cellphones have the ability where you can touch the cellphones together to pass photographs back and forth.Other uses of NFC are common place in payment systems.For example, I have an iPhone,and I can hold it over a credit card terminal to pay with my credit card that's linked through Apple Pay.This is an example of a Near Field Communication device.Just like RFID, we do have to worry about the possibility of interception of that wireless information though because it could be replayed and rebroadcast Now, luckily for us, NFC does require the devices to be very close for the communication to work.

Hello everyone welcome to the show "Ethical Hacking" episode 86 today we are going to discuss about So we've talked about securing our wireless networks.Let's now spend a few minutes talking about the different types of attacks that focus on our wireless networks.The first is war driving.War driving is the act of searching for wireless networks by driving around until you find them.You could try this tonight. You can go sit in the backseat of your car,have your friend or your wife,drive you around the neighborhood and see which networks you can connect to.That's the idea here.They're simply going to drive around and hunt for networks.Now the attackers here are going to use different tools to do this.They can use wireless survey tools or other open source attack tools, but the common theme here is just finding out what networks are around and where you can access them from.Why would an attacker want to find open wireless networks or networks that they can get on to?It's not necessarily to attack your network,but it's to attack other networks through your network.So that way if they are doing some hacking or something like that,it traces back to your home and your home network,as opposed to tracing it back to them.The next type of attack is called war chalking.War chalking is the act of physically drawing symbols in public places to denote the open, closed, or protected networks that are in range.It gets its name because in the early days,people would actually take chalk and draw on a telephone pole different symbols to tell other people what it is.Now an example of this might be as you're doing a war driving,you might find an open network.If you did, you could find a telephone pole nearby,you can mark it down with a symbol like this.We have two open half circles faced back to back with the SSID of it written above them and the number below to signify the bandwidth of the network.Afterall, attackers can be nice people too.And they like to share their findings with others and they wouldn't want somebody else wasting their time looking for a network,only to find it has low bandwidth.So by marking that down,you can help other people avoid that network.Now in addition to open networks, you may find closed networks If you find a closed network,it's going to be a closed circle with an SSID written above it and bandwidth written below it.This tells us that network has some kind of encryption,it's closed,but we haven't quite figured out the password yet.Now if we do figure out the password,we can actually use this other symbol.We have the closed circle,we have the SSID on the top left left,we have the password on the top right,and the bandwidth below it.Inside the circle we might write something like W or WEP or WPA2,so people know what type of encryption they need to connect to that network.Now as I said war chalking is not nearly as popular as it used to be.In fact we don't really see a lot of these symbols around in the city anymore.Instead, most of this is being done digitally. This is being done as part of websites or other apps that hackers use and share their finds,so people know what other kind of WiFi is out there.The next attack we have is known as an IV attack.An IV attack occurs when an attack observes the operation of a cipher being used with several different keys and they findthis mathematical relationship between those keys to determine the clear text data.Now I know that sounds really complicated,but the good news is you don't have to do the math to do it.There's programs that do it for you.This happened with WEP because of that 24 bit initialization vector.It makes it very easy to crack WEP because there's programs that do it for us.

Hello everyone welcome to the show "Ethical Hacking" episode 85 today we are going to discuss about Wireless access points.In addition to selecting the right encryption,it's also important to select the right placement and configuration of your wireless access points,in order for you to achieve a good security posture.Most small office, home office wireless system rely on a single point to multi-point setup.This relies on having a single access point that services all of the wireless clients.For example, on this floor plan,you can see the strongest signal is the red spot,that's centered around a single wireless access point,and all of the other office cubicles are connecting back into it.In this next example,you can see a multi-point to multi-point system.This has multiple access points that are going to be used to provide the wireless network services in an ESS,or extended service set configuration.They're all going to work together to provide one common network that's supported by these multiple access points.Now, in both of the previous examples,the wireless access points are using an omnidirectional antenna.This means that the access point is going to radiate out its signal equally in every single direction.Now, this can be good from a coverage perspective,but it also is dangerous.You may want to control which direction the signal is actually radiated, and if you do,you can do that using a bidirectional or a unidirectional antenna.For example, in a unidirectional antenna,all of the transmission power is going to be focused at a single direction.This allows you to choose which areas receive the signals,and which ones don't.So in this example,we're using a left-side focused antenna and it only transmits out to computers on that side of the building,while the computers on the right are going to remain in an uncovered area and not get any signal.Now, we've talked about this back in our network plus curriculum as well,but from an operational standpoint,we're trying to increase the coverage to all areas,when we're talking network plus.Now, from a security perspective, though,we may actually want to limit the area of coverage.Let's look at our heat map once more.Here you can see an extended service set configuration with two access points.Each of those access points has omnidirectional antennas.This is giving us good,adequate coverage around the office base,as you can see inside the floor plan.So our network technician for network plus did a good job here.Now, for this office,each cubicle also has a wired physical connection,but the access point there is just to provide the employees access while they're sitting at those conference tables in the middle,or if they're walking around using their cellphones.Now, all of this is great,and there's good coverage,meaning that it's meeting our operational needs.But, you'll also notice that orange and yellow area,which represents the medium and lower signal areas that are radiating outside the walls of the building.

Hello everyone welcome to the show "Ethical Hacking" episode 84 today we are going to discuss about Wireless encryption. Another huge vulnerability in wireless networks is the encryption that you choose to use.In this lesson, we're going to do a quick review of wireless encryption types,that you learned back in your Network Plus studies.The reason for this is because encryption of your data being transmitted is going to be paramount to increasing the security of your wireless networks.Now, most wireless encryption schemes rely on a pre-shared key.This is when the access point and the client use the same encryption key to encrypt and decrypt the data.The problem with this is scalability becomes difficult.Think about it, when a friend comes over to your house,to use your WiFi.You have to tell him your password.Now, if you have 50 friends come over,you're going to tell 50 different people your password,and now, all 50 of them know your password.And so, this is one of the first problems that we have with wireless encryption,is that if you're going to use a pre-shared key,you've got to figure out a secure way to distribute that key to everybody,and keep it secret.If all 50 people know your password,then it's probably not that secret anymore.Now, there are three main types of encryption that are in use from wireless networks.We have WEP, WPA, and WPA2.WEP is our first one.WEP is the Wired Equivalent Privacy.This came from the original 802.11 wireless security standard,and it claimed to be as secure as a wired network.I'm going to prove this wrong to you in our demonstration later,because we're going to brute-force WEP,and break it in about three minutes.WEP was originally used with a static 40-bit pre-shared encryption key,but later it was upgraded to a 64-bit key,and, then again, to a 128-bit key.This isn't the main problem with WEP, though.The main problem is a 24-bit Initialization Vector,or IV, that it uses in establishing the connection,and it's sent in clear text.As I said, WEP is not very secure,and because of this weak Initialization Vector,we're going to be able to brute-force WEP in just a couple of minutes,using using Aircrack-Ng and other tools.So, to replace WEP, they came up with WPA.WPA is the WiFi Protected Access standard.It uses a Temporal Key Integrity Protocol, or TKIP,which uses a 48-bit Initialization Vector,instead of the 24-bit Initialization Vector used by WEP.The encryption that it uses is the Rivest Cipher 4,or RC4, and it added Message Integrity Checking, or MIC.And, it uses all of this to make sure that the data is secure,and ensuring that it's not modified in transit.Overall, it's a pretty good standard,but it does have some flaws,and so version 2 was released to fix those.WPA version 2, or WiFi Protected Access version 2 was created as part of the 802.11i standard,to provide stronger encryption and better integrity checking.The integrity checking is conducted through CCMP,which is the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol.And, the encryption uses AES,the Advanced Encryption Standard.AES supports a 128-bit key, or higher,and WPA2 uses either a personal mode,with pretty short keys,or an enterprise mode,with centralized authentication via a radio server,or another centralized server,to handle that password distribution we were talking about.Now, I want to pause here for a second,and before we go any further,give you a couple of quick exam tips.First, if you're asked about WiFi,and it uses the word, Open, in the question, it's usually looking for some kind of answer that says the network has no security, or no protection.

Hello everyone welcome to the show "Ethical Hacking" episode 83 today we are going to discuss about Securing WiFi devices.Wireless devices are much less secure than our traditional networks because their data streams are simply flying through the air,waiting to be gobbled up by some attacker sitting out there.When we talked about wire tapping in the last lesson,we talked about having to gain access to the network physically.Well, with a wireless network that challenge is eliminated because the network is literally floating in the airways.In this lesson we're going to discuss some of the basic vulnerabilities associated with wireless networks and how you can combat them.First, the administrative access on the wireless access point is a vulnerability.Usually these have default user names and passwords like admin, admin like we discussed before.And you have to make sure you secure them.Also, remote administration should be disabled on your wireless access points.Remote administration is something that allows you to connect over the internet and then make changes to your wireless access point.You don't need that.Instead you should turn it off and make sure that you're doing it locally inside your network only to minimize that risk.The second vulnerability we have to think about is the service set identifier,or the SSID.Back in network plus you learned that the SSID is what uniquely identifies the network and it acts as the name of the wireless access point that the clients are going to use to connect to it.For example, if you came by my offices,you would see that my network is the oh so hard name to guess of vijay.Anyone who sees that might think hey that might be vijay kumar's WiFi, right?Well, that's the SSIDs job.It sits there and it broadcasts out hey I'm here,I'm here, I'm vijay, I'm vijay I'm vijay Now, according to you should disable the broadcast.So clients have to already know the name of it prior to connecting to it.They say this is a way to slow down the bad guy from attacking your network.As an ethical hacker myself,I can tell you that it isn't really going to slow me down.If you aren't broadcasting openly,your clients are still sending the same wireless access point information and that SSID with every single communication they make.It takes me about five seconds to find out your SSID if you're not broadcasting.So by disabling it you're just making operations harder for yourself and you're not really gaining any security here.Now all of that said,if you're asked disable SSID broadcast is considered good security in the security and you should implement it.In the real world, it really doesn't matter that much.Now the next one we're going to talk about is rogue access points.Rogue access points are another vulnerability out there.A rogue access point is an unauthorized wireless access point or wireless router that somebody connected to your network and it's going to give access to your secure network.For example, if you walk around your office and somebody decided that they didn't want to plug into that RJ45 jack all the way in the back wall over there,so they put a wireless access point so they can access it throughout the whole room.That makes operations easy for them,but that wireless access point wasn't properly configured.This is going to extend your wired network into the wireless realm,and it can introduce it's own DHCP server and cause all sorts of other issues.To prevent this you should enable MAC filtering on the network,network access control and run a good IDS or IPS on your network that can detect or prevent these devices when they initially try to connect.