1.4 Analyze potential indicators associated with network attacks.

1. Evil Twin and Rouge Access Point

In this video, we're going to be talking about two wireless attacks. You need to know for your exam that there's going to be an evil twin and a rogue access point. Let's get started. So, evil twin, I like this one. This is a pretty cool attack to do against your users. Now, let's say you can't break into somebody's network. You can't get the WPA two keys. Now, WPA Two is almost impossible to crack if they have a complex key. It does use AES encryption. Again, check the encryption section to know why that's so impossible. Now, the evil twin. Here's how this works. So imagine someone going out and setting up a fake access point that mimics the real access point. And then users join the fake access point, thinking it's the real one. So let me give you an example. Let's say you go to Starbucks, right? Starbucks WiFi You go to Starbucks. It's a coffee shop. You're sitting down. You click on the link. You want to get the Internet so you can do some work. You click on the link, you see Starbucks WiFi, and you see Starbucks WiFi. Now you see two wireless networks with the exact same name. So which one is the real one? That one we're not too sure about, right? Because one of them is a real one and one of them is a fake one. So what attackers do is they set up these fake networks that mimic the real networks. When you click on it, you're basicallyin their network, and they can sniff all the traffic coming through their network. Now because you're in anything that's in clear text,such as if you were logging into banking websites, that's still in clear text, emails, anything like that,that's in clear text, you'll be able to sniff the traffic and see all of your data. And then what they do is they can even set up something called a captive portal. Captive portals are basically when you join a wireless network, you get a screen that may ask you to enter information, or you may get a screen that tells you the policy. Think of it when you join, like, a hotel WiFi,where it's like, "Hey, input your room number here, put your last name and your room number, something like that." Imagine you join a wireless network and it prompts you for a key or prompts you for credit card information or passwords. And people just enter it because they think that joining legitimate WiFi, in other words, is stealing the information. Now, is there a tool to do this? I'm going to show you a tool to do it. I covered this more in my ethical hacking classes. I showed them how to set it up. You do need a WiFi card in order to really work in order to set it up. But for your class here, we just need to know exactly what an evil two is. Here's? A quick tool for doing this in Kanye Linuxarrogant is basically the tool that gets this done. It's not hard to set up. It does most of the work for you. It's basically a script that does all the work for you. This year it will do the evil twin for you. It creates the captive port so you can recapture people's keys I thought that was pretty serious stuff there all right. Because think about this. Here's what you can do with a serious tool like this. You can go to Citibank, Chase Bank, or whatever big organisation you roll up next to with a car. You take out your laptop. You set up your little set up going there, and you take the software you created to invite another Citibank wireless network user. They think they're joining the real city bank when they click on your fake one. prompts them for the key. They think they're joining the real one. right? They put in the actual key and before you know it, you have captured the key. Now you can use that key to authenticate to the real Citibank network. The dangerous thing is, the question is, how would you stop this? When joining networks, the best thing to do is never join public networks Your users should be aware that they should only connect to private hotspots, so you would advise them not to connect to any public WiFi, such as that found in a coffee shop or a hotel. The best thing to do would be to carry your own hotspot like on my phone. It does internet sharing on my phone, so I can use this instead of connecting to any public wireless The next attack we'll talk about in this video is going to be something called a rogue access point. Now this one arogue access point is basically an access point that's set up on your network that's actually done without authorization, all right? That's all it is. It's basically somebody setting up an access point on your network without authorization, whether they maliciously did it to circumvent the security of the network or they're doing it because they honestly don't know that they shouldn't be doing that. So imagine you work in an organisation and an employee wants wireless but the company doesn't offer it due to security reasons. The guy goes out to an electronic store and buys an access point. He takes it to the network. He instals it and then he misconfigures it by putting in some easy to crack passwords on theWPA. Before you know it, it opens up a vulnerability in your network. Now this is a person doing it maybe not the intent of breaking the network, but it is a security problem, so a rogue access point is The network is basicallyan access point in your network that is set up without permission. How do you fix it? Well, what you've got to do is to do periodic scans of your wireless network in your vicinity. You've got to scan the network, right? You must scan your network for rogue access points or access points with a strong signal within your physical environment. Then you know there may be a rogue access point. Now, one of the things to remember is to trust no one because you don't know if someone is doing this or not, okay? So scan your network. So, in this video, evil twin, pretty dangerous stuff, I showed you doing that work access point is just an unauthorised access point. You never scan it or define it. And then you want to make sure you get rid of it.

2. Bluesnarfing and Bluejacking

In this video, we're going to talk about Bluetooth attacks and particularly two of them, Blue Surfing and Blue Jacket. So let's talk about Bluetooth technology before we get into it. Today we have a smartphone. Most of us now associate Bluetooth with our phones. You guys have Bluetooth on your phones. You're probably listening to me right now. We also have a Bluetooth enabled headset, and we also have a Bluetooth mouse right here, a Bluetooth mouse. And you can see them. I'm not sure if the video shows that. But you have the blue light layer up there. So we use Bluetooth to connect headsets or phones. You can use it to do data transfer with the Bluetooth enabled keyboard, or you can even send messages and so on over Bluetooth. As a result, there are some Bluetooth attacks. So we need to pay attention to our exams. Let's take a look at what they are. So I got two of them. Here are some quick definitions really quickly. Blue Snurfing Now what is that? So-called "blue snurfing" is basically unauthorised access of information through a Bluetooth connection. It allows people to access your calendars, your contact lists, your emails,text messages, pictures, and private videos. And then the other one you have is the Blue Jacket. So Blue Jacket is the sending of unsolicited messages over Bluetooth by sending a V card. Now let's talk a little bit more about them, and then we'll talk about how to fix them. So, Blue surfing, you're walking around with your Bluetooth device. It doesn't really work on the newer devices. It's really all attacks. But let's say you're walking around with a really old Bluetooth device. The device is set in discovery mode. That means it's on and it can take a connection. People then connect to it. And before you know it, they're looking at your calendars, they're looking at your contact list,they're looking at your emails and text messages. The other one is the Blue Jacket. So you're walking around, and you look at your phone. All of a sudden, boom. A pop-up message comes on that says you've been bluejacked. We have your data. Do this or do that. Basically, send in your messages. This is more annoying than actually stealing your data. So these are the two attacks. Now the question is, how do we fix it? Well, update your phone. Don't use really old devices. Turn off discovery mode. Most phones have discovery mode turned off. So if I look at my cell phone and I look at the Bluetooth connection, it's basically the discovery mode is off. You have to put it on to find Bluetooth devices. If you look at the Bluetooth settings on your phone, you'll see that. So, this is pretty common today to do. Also, another thing that you could do is turn it off when you don't need it. Many of us have Bluetooth enabled, but you may never or rarely use it. Maybe if you're listening to it in a car system,maybe then you're going to turn it on, listen to it, but then at that point, turn it on. Not to mention it'll save you some battery life. So there are some attacks against it. Technology like Bluetooth 5.0, which allows more encryption and is more secure in Bluetooth, is better. Now, just a couple of quick things. Remember, Bluetooth does span a decent distance. You can go up to about 30 feet with a Bluetooth connection. So up to 30 feet away, they could do these attacks on you if you're using a really old device that doesn't support Bluetooth being in undiscovered mode. Or maybe the device itself is easier to crack. Okay, so these are just two terms here that you need to know when it comes to Bluetooth attacks.

3. Cracking WEP

In this video, I'm going to show you how to crack the web. "Web" stands for "wired equivalent privacy." Let's go back in time here in the first and early days of when wireless became popular. Let's go back about 20 years ago to the year 2000, when wireless was becoming popular. People started installing wireless devices, so we needed a way to secure them. So we came up with a web-wired equivalent of privacy. The web was one of the first wireless protocols out there to secure wireless communication. The problem with the web was that the moment it came out, it was basically cracked and we were told never to use it. The problem, though, was that a lot of people started using it. Even 20 years later, when people are aware not to use the web, you can still find wireless networks, particularly older wireless networks that are still configured with web. You also have older wireless devices that only support the web. So some organisations and homes have web enabled, and if they do, it's crackable. Now, as you study for this certification and others like your certified ethical hacker, your CISP, and soon, you're going to read in books and all-security books, basically, you're going to read that says, "Oh, you can crack web." But the question is how easy it is to crack the web. So in this video, I'm going to show you how super easy it is to crack the web. Basically, it's one command. Now, it's gotten so easy. It's just one command. You see what I mean? So, literally, it's one command to crack the web so fast and so easily. So, if you've ever considered whether I should be using the internet, For whatever reason you chose to use the web, I'm about to show you why you should never use it. Okay? So let me explain to you the set up I have here. So I just bought a sonic wall.This is a business-class wireless router firewall. Now, sonic walls Sonic walls are known to be very good small business firewalls. This literally just came out of the box, like, 10 minutes ago. It showed up an hour ago, and I took it out of the box 10 minutes ago. It has all the default configs. All I did was I set up wet on it,and I'm going to walk you guys through the steps. As this class progresses, we're going to be securing this device. all right? So stay with me in the class. We're going to be securing this small business firewall. So I got my sonic wall here configured. I have one of the ports connected to the internet. I have another port connected to the LAN here, so we can access it. Okay? So let's get into this. Let's connect to the sonic wall. We are going to create a website. I got my phone. We are going to connect this phone to our web, to our wireless network. With the web, we're going to generate some traffic. We're going to use Kali Linux and we're going to crack the web just like that. You'll see what I mean? So let's get started. Let's go back to my trusty desktop here. We're going to open up a browser and we're going to go to the sonic wall.Now again, this is default. This is all the default configurations. I have not changed anything on the sonic wall. Notice it carries the default IP address. I haven't even changed that yet. It even has a default username and password,admin and password and password, I guess. I'm telling you, I haven't configured his device yet. Okay? So I opened up my Sonic Wall here and the only thing I did was update the Rom on this, right?I did change security 101. Update your firmer. Okay? So I configured it. So here's the wireless setup for the actual sonic wall. Right now, the base settings are I haven't changed any of this. I'm just going to leave it as mixedmode 811, NBG, doesn't matter right now. It doesn't matter what type of connection I'm using. But notice this. I do want to point this out. This is the SonicWall. This is what came when I happened to change this SonicWall C five-five-five, right? And I'm going to go to security settings here and we're going to make sure the web is inhere and the password I put in here is password 12345. All right, that's my web key. Something really simple. But here's the thing: It doesn't matter how complex your website is, it just doesn't matter. It'll crack it alright. It'll crack the web key. It doesn't matter what type or how complex it is. Here's a 728-bit web key. Now this is already set up, okay? So the next part of this set up is I'm going to take my phone and I'm going to connect to the web network, which I think I already am. So I'm going to go to connections and I'm going to go to my WiFi and yep, it's fully connected to this network. So now that the phone is connected,I'm going to be using an app. When you're cracking the web, you have to start generating traffic. So I'm going to use an app, particularly a speed test app. And you say, why a speed test app? Because when you're doing speed tests, it basically downloads a lot of data. And in order to crack the web, we're going to have to get about 40 to 80,000 packets going across the web network. So you can see right now that rightnow is running that speed test on it. So I'm going to leave that for now and we're going to go back to the computer here and we're going to go to Kali Linux and I'll show you the tool we're going to use. It's difficult to get Kalito to run with a wireless NIC card. You have to mount it as a USB. all right? Get a USB NIC card. So I have a Tplink USB wireless NIC card and it mounts as a USB in the VirtualBox settings. all right? So I'm going to show you that quickly in case you want to follow along with this lab. So I'm going to go to machines, I'm going to settings, and you see, USB is here. So I added it in for me. It would say add and you would select the actual maker of the card there. So it has to be mounted to USB so colleagues can think it's actually connected to it. Remember, it's a virtual machine. all right? So I'm going to go here to somewhat of a start button. We're going to go to wireless attacks and we're going to go to Wi-Fi. This is the tool. Now, this is making it so easy to crack it. OK, so I just opened that. Now, I just clicked on it to show you that it's there. So I'm just going to type in the command and I'm just going to press Enter. And what it does is that it's going to put the Nic card into the monitoring motor and start to detect the wireless network that is there. Now you notice it's found in two of them. all right? So the wireless card detects two of them. So let me run this test again so I can start generating some traffic. So we're going to do CTRL C. It's telling us to press CTRL C when we're ready to select the network. So we press CTRL C. Now it's saying, "Hey, select a target." So I'm going to go in there, I'm going to put in target number one, which is that sonicwall, and I'm going to press Enter. So I'm starting to generate traffic here. Now, I'm going to come to this in a minute, but this is basically going to be an IV attack, all right? So what it wants to do is to capture about 10,000 packages before it can even start to crack the IV or crack the web key. I would say it's going to have to capture right now up to 25,000, I would say between 40 and 80,000 in order to crack the website. So once again, I'm running this year and just generating some traffic. This is easier. There are other things you can do, like replay attacks, and you can generate traffic that way. all right? But if you're connected to a web network that is using a lot of data, people are actually using the network a lot. It's fairly easy to generate traffic. So don't think you're going to crack it like that. You need people to use it in order to actually crack it. Okay, so we're up to what, 64,000? And notice how easy this was. Notice the command. All I typed was WiFi. It's really all I typed. I typed that and I selected a number, and that was it. Now we go into this cracking mode, and we're going to have to give it a little time for it to capture the package. And then it's going to hopefully crack it. Now it's up to 80,000. Up to 94,000 here. I had run this before, and we got it at around-I think we had it at around 80,000 at that point. Okay, so this is cracking with over 100,000. Give it a second, guys. I'm pretty confident that it's going to crack it. But notice, no work, right? No work, no commands. People think cracking the web nowadays requires a bunch of people. It did a long time ago. It did require commands like Aircrack, Ngand, and all these types of things. But nowadays, it's just one command. One command, and pressing the number one on my keyboard cracked it, as you can see. Okay, so here we go. So this one actually took more than I thought. I was thinking about 80,000. I got it at 102,000. Here we go. Here's the password: So password 12345 is my website key. Is it as hard as that? It was no more difficult than that. Okay, So, as you can see, cracking the web was not hard. Now, it didn't matter the strength of the key. It doesn't matter how strong that key was, really. It's an easy to crack web. So if you ever wanted to know if you should ever use the web now, you know never to use it. Now, the way it was done was with an IV attack. I'm going to cover this in my cryptography section. We're going to talk more about this when I get to the cryptography section of this course. What are IVs, what are initializationvectors, and how does this work? Okay, so now you know how to crack a web. You see, it's as easy as that. It was literally one command and press on. The number one on my keyboard was able to crack the web. Now you know why you should never, ever use the web.

4. Disassociation and Jamming

In this video, I'm going to teach you guys about something called wireless disassociation,also known as wireless De Authentication.And we'll take a look at wireless jammers. Now, in this video, basically what we're doing is kicking people off the wireless network. Why would you want to do that? Well, people deauthenticate different people from the wireless network, so when they try to reauthenticate, you can capture the handshake. I'll take that from my EthicalHacking class, how to do that. But in this class, I'm going to show you guys how to run a command really quickly in Kali Linux and how to disconnect people off of a wireless network. Now, you could do this just to create a denial of service against people in a network. So you can run this and you could disconnect an entire group off of a network because you are basically sending what is known as a deauthentication frame to the access point, telling people to kick them off. You'll see that in this video. So I got my sonic wall here set up with the WP connected. I have this wireless phone here that's connected. Now, it's hard to see that. I know it's a little, but can you guys see that? Yeah, you can see right now it's connected. I know it's hard to see that. The lights are so bright in this room. Anyhow, this thing is actually connected. It's connected to the network. So what we're going to do is we're going to disconnect this phone right off of this network, going back to Kali Linux. So I'm going to go run a few commands here. I want you guys to follow me on this. So let's get to this. I got my terminal open. I've already run the commands. I've saved them there to save time typing them. So the first thing I want to do is to monitor the network to see what stations I have out there and what clients I have out there. So we're going to run an acommand here called Arrow Dump ng. And I'm going to say I want to look at the wireless interface here. So let's take a look at this. This is going to take a few seconds here to run. So I have two wirelesss in here, right? I have this one here. Now this is the one with the Web. We know this because this particular one I'm going to kill this.I'm going to just do control slash so I can highlight it. You see this one right here? This one here is the one with the web, the sonic wall. So I know, hey, that's the sonic wall one. The other thing is that I found a host,you see, because this is the B Sid. That's the Mac address, the BS, the Sid. The ESSID is generally the name of the network. The BSSID is generally the mac address of the access point. So you see, this access point has one computer connected to us. And that's this phone here, this Samsung phone,and it's connected on one channel, channel one. Okay, So what I'm going to do is tell the Nic Card that I want to start up monitoring on channel one. So right now it's connected to the sonic wall. What I'm going to do is here, I'm going to say, you know what, start monitoring on channel one. Okay? So that's taken care of. And now the other command is this long command. It says air replay the Mac address of the station, the Mac address of this device. And then we're going to see if they authenticate this. So when I run this, it should kick this phone right off of the network. So now it's doing it and it's just disjoining the network. All right. So it was completely disjointed. It's going to try to reattach to it and then it doesn't work. If I click on the sonic wall, not that one. If I click on the sonic wall, it tries to connect, but then it just disconnects. It's hard to see that there. I know, but there you go. So let's click on the sonic wall, and you'll see it comes up and down. It's like, "No, I'm not joining because right now you can see that it's still running." So that's all this is doing. It's basically creation. I can't join the wireless network. So this is a deauthentication or disassociation network. Why do we do this when we do this? We could do this to create traffic in networks. If you're cracking like Web, you can do this. The other thing here that I want to show you guys is that I'm going to stop this just to control C. The other thing in this particular lab I wanted to show you was wireless. Wireless jammers Wireless jammers are basically physical devices. These are, as you can see, physical devices that you purchase. So you buy one, you turn it on. Here's one thing: Let's see this one here. Portable cell phone jammers Right. Oh, I was wondering what was playing that music there. Oh, boy. It's a website playing that music. That's weird. Okay, so you go here to this website. Yes. You can see the website there. I was like, what was that playing that music? Okay, so you go here to the Thisjammer store and you notice $350. But you notice this particular thing could stop the wireless signal. Four G, three G, GSM, Bluetooth, WiFi. All of it is dead. You turn this thing on and it basically kills wireless signal up to 40 meters, which is about 128 feet. You can even plug it into a car and it will work. This is a wireless jammer. Wireless is still thinking of music. Wireless jammers are against the law in the United States. I'm not sure, but you're abroad where you are right now. but generally in the United States. These things are illegal, and when you put a themon in public, it kills all wireless signals. It's illegal because it can kill emergency signals, so if someone is in a medical emergency and tries to call paramedics, they can't get through because you have a jammer on the city thejammer. I don't recommend going out and buying these things unless you have a valid need to use these particular jammers Please follow your local laws and regulations when it comes to these devices Okay, this website is actually perfectjammer.com, which was the name of this website okay.So we learned two pretty cool attacks. right? This association, you see, wasn't difficult to do in Kali Linux. The one I did there was very specific. I did one in which I simply disconnected his phone, but I could run it and disconnect everyone in this office network as well as jammers. Remember, those things are against the law. If you were to ever purchase one of these, you could be in a lot of trouble.

ExamSnap's CompTIA SY0-601 Practice Test Questions and Exam Dumps, study guide, and video training course are complicated in premium bundle. The Exam Updated are monitored by Industry Leading IT Trainers with over 15 years of experience, CompTIA SY0-601 Exam Dumps and Practice Test Questions cover all the Exam Objectives to make sure you pass your exam easily.