Checks on misconfiguration

In this section, we will discuss how misconfiguration of network devices, in particular wireless access points, can be leveraged. The following checklist can help identify misconfiguration issues on wireless access points:

  • Default user credentials on the device: An attacker has a better chance to gain access to the device if the default credentials on the device are not changed. Make sure the passwords set on the device are strong enough to keep an attacker at bay. A brute force attack is still an option for an attacker to crack into the device.
  • DNS settings on the device should reflect the authorized DNS IPs: Attackers usually try to change the DNS settings of the device to point to their malicious DNS server, so that a man-in-the-middle (MITM) attack can be carried out without much hassle. If a user is trying to visit https://bank.com, the attacker can direct the user to attacker-https://bank.com, which looks and feels the same. Thus, ensure the DNS settings point to a legitimate DNS server. Malicious DNS IPs on the device are a good indicator of device compromise.
  • Dynamic DNS is a feature supported by many SOHO routers: This can be used by an attacker to maintain a persistent connection to the device. Once the device is compromised, an attacker can modify the DDNS configuration to access the device even if the IP address of the device changes frequently. DDNS should be properly configured to reflect valid settings.
  • Check for a list of users on the device: The device can sometimes contain multiple users with different privilege levels to access and configure the device. Typically, an admin account with root privilege to configure the device is found on the device. Checking the available list of users on the device against the valid users list provided by administrators can reveal any backdoor user created on the device.
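
The DNS, DDNS and user-list checks above can be run against a saved copy of the device configuration. The following is an added example, not code from the book: the key=value export layout, the baseline values and all names in it are constructed assumptions, and a real device export would need its own parser.

```python
import ipaddress

# Constructed sample export; the key=value layout is an assumption, not a vendor format.
SAMPLE_EXPORT = """\
dns1=192.0.2.53
dns2=203.0.113.66
ddns_enabled=1
ddns_hostname=ap-lobby.dyn.example.net
user=admin:root
user=netops:read-only
user=support2:root
"""

# Baseline supplied by the administrators (constructed values).
BASELINE = {
    "dns": {"192.0.2.53", "192.0.2.54"},
    "ddns_hostname": None,  # None: DDNS is not expected to be enabled
    "users": {"admin": "root", "netops": "read-only"},
}

def parse_export(text):
    """Parse key=value lines; keys such as 'user' may repeat, so keep lists."""
    cfg = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            cfg.setdefault(key.strip(), []).append(value.strip())
    return cfg

def audit(cfg, baseline):
    """Return (check, detail) findings for every deviation from the baseline."""
    findings = []
    allowed_dns = {ipaddress.ip_address(a) for a in baseline["dns"]}
    for key in sorted(k for k in cfg if k.startswith("dns") and k[3:].isdigit()):
        for value in cfg[key]:
            try:
                if ipaddress.ip_address(value) not in allowed_dns:
                    findings.append(("dns", f"{key}={value} is not an authorized resolver"))
            except ValueError:
                findings.append(("dns", f"{key}={value} is not a valid IP address"))
    if cfg.get("ddns_enabled", ["0"])[-1] == "1":
        host = cfg.get("ddns_hostname", [""])[-1]
        if host != baseline["ddns_hostname"]:
            findings.append(("ddns", f"DDNS enabled with unapproved hostname {host!r}"))
    for entry in cfg.get("user", []):
        name, _, priv = entry.partition(":")
        if baseline["users"].get(name) != priv:
            findings.append(("users", f"account {name!r} ({priv!r}) is not in the authorized list"))
    return findings
```

Calling audit(parse_export(SAMPLE_EXPORT), BASELINE) reports the unauthorized resolver, the unexpected DDNS hostname and the extra root account; an account whose privilege level differs from the baseline is reported the same way as an unknown account.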