Index
Symbols
| (pipe), running Linux commands and
Numbers
11 security principles. See security principles
32-bit, BackTrack versions
40-bit WEP
64-bit, BackTrack versions
104-bit WEP
802.1q (trunking protocol)
802.1x (port-based access control)
adding authenticators for wireless network
applying authentication to wireless networks
authentication using
captive portals compared with
configuring authentication settings
installing RADIUS server and
overview of
preventing rogue wireless networks
RADIUS and
reconfiguration as troubleshooting approach
802.11x
creating new policy
defined
monitor mode and
overview of
802.15 (Bluetooth)
80211i (WPA2 standard)
A
AAA (authentication, authorization, and accountability)
enabling AAA services
in RADIUS
access control
allowing guest access to internal resources
based on time
firewall access lists and
restricting access from internal LAN to wireless LAN
restricting access from wireless LAN to internal LAN
restricting guest networks to guest users only
user access and
access control lists. See ACLs (access control lists)
access points. See also rouge access points
as authenticators in wireless network
autonomous vs. controller based
beacons and
configuring for wireless network
configuring for WPA2-Enterprise network
configuring Linux laptop to act as
creating for WPA2-Enterprise network
detecting rouge
multiple SSIDs for single access point
overview of
types of
accountability
enabling AAA services
in RADIUS
ACLs (access control lists)
firewalls
network segmentation and
providing guest access to internal resources
VPN clients and
Active Directory Certificate Services (AD CS)
Active Directory Domain Services (AD DS)
Active Directory Users and Computers
Address Resolution Protocol. See ARP (Address Resolution Protocol)
adduser command, user administration in Linux
Ad-Hoc mode, wireless operating modes
AES (Advanced Encryption Standard)
configure access points
defined
encryption algorithms in WPA2
encryption methods in WPA
airbase, configuring Linux laptop as access point
aircrack
attempting to crack WEP key
cracking WPA-PSK
airdecap, decrypting WEP packets
aireplay
deauthenticating clients
packet replay attack and
airmon, putting wireless card into monitor mode
airodump
saving captured wireless traffic
sniffing insecure communications
targeting wireless clients
tracing or enumerating MAC addresses of rogue networks
alias command
Android OS
smartphones and
Wardrive app
antennas
overview of
types of
antivirus updates, faking
Apple Airport Express
apropos command
apt utilities
in BackTrack
installing software on BackTrack and
Linux OSs and
ARP (Address Resolution Protocol)
ARP replay attacks
ARP spoofing (poisoning) attacks
defined
arpwatch, for detecting rogue networks
Aruba wireless products
association, with access points
asymmetric algorithms
attackers, advantages of
attacks
ARP spoofing attacks
authentication and
cracking WPA pre-shared key
defending against. See defending against attacks
encryption and
history of breaking WEP
how WEP works
how WPA works
ICMP redirect attacks
MITM (man-in-the-middle) attacks
overview of
passive packet capture
rogue DHCP attacks
SSID cloaking
SSL MITM and SSL-stripping attacks
storing data and cracking as convenient
summary
on TKIP
WEP authentication and
on WEP encrypted networks
wireless reconnaissance
WPA deauthentication spoofing
WPA denial of service
WPA encryption algorithms and
on WPA protected networks
WPS brute force attacks
audit logs, client access denied
audits
authentication
802.1x and
access points and
applying to wireless networks
choosing authentication method
of consultants
guest access and
overview of
pre-logon
RADIUS (Remote Authentication Dial-In User Service). See RADIUS (Remote Authentication Dial-In User Service)
using digital certificates
WEP (Wired Equivalent Privacy) and
of wireless network
WPA deauthentication spoofing attacks
authentication, authorization, and accountability (AAA)
enabling AAA services
in RADIUS
authorization
enabling AAA services
in RADIUS
auto-enrollment
applying GPOs to Organizational Units
configure
log onto workstation and obtain user certificate
Microsoft Certificate Services and
auto-expiring credentials, guest access and
Autogroup Probe network, Kismet
autonomous access points
availability. See also CIA (Confidentiality, integrity, and availability)
in CIA triad
defined
B
BackTrack
booting to
downloading and installing
installing software on
Linux OS distributions
navigating file system
Balanced Scorecard (BSC)
bash (Bourne Again Shell)
Basic Service Set (BSS)
Basic Service Set Identifier. See BSSIDs (Basic Service Set Identifiers)
beacons
access points and
wireless clients and
Beck-Tews attack, on TKIP
black box tests, types of penetration tests
Black Swan events
The Black Swan: The Impact of the Highly Improbable (Taleb)
blacklists, Least Privilege and
block ciphers, vs. stream ciphers
Bluetooth (802.15)
boot menu, BackTrack
bootable USB drive
booting to BackTrack
for Linux OS
botnet
Bourne Again Shell (bash)
broadcasts
disabling broadcast of SSID
wireless clients and
brute force attacks
defined
dictionary attacks
on passwords
WPS brute forcing
BSC (Balanced Scorecard)
BSS (Basic Service Set)
BSSIDs (Basic Service Set Identifiers)
broadcasts and
defined
overview of
white lists
buffer overflow attacks
C
CA (Certificate Authority)
configure certificate template and auto-enrollment
create and issue certificate templates
create Group Policy Object and apply to Organizational Unit
create Organization Units and users group
CRLs (Certificate Revocation Lists)
deploying enterprise CA
DNS supporting communication with
install Active Directory Certificate Services
install and configure
log onto workstation and obtain user
certificate
obtaining public keys from
overview of
server structure
Thawte as
untrusted certificate warning
VeriSign as
cantennas
captive portals
defined
guest access and
CAPWAP (Control And Provisioning of Wireless Points)
defined
Next-Gen solutions
protocols for lightweight access points
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Control Protocol)
defined
encryption methods in WPA
WPA2 encryption algorithms
cd (change directory) command
Certificate Authority. See CA (Certificate Authority)
Certificate Revocation Lists (CRLs)
overview of
use by Microsoft Certificate Services
certificate services
install Active Directory Certificate Services
Microsoft Certificate Services
services supporting
certificate stores
accessing from Microsoft Management Console
overview of
certificate templates
configure
creating and issuing
deploying
Microsoft Certificate Services and
charters
chat systems, cleartext protocols and
chmod command
chop-chop attack, breaking WEP and
CIA (Confidentiality, integrity, and availability)
applying to wireless networks
defined
overview of
Cisco wireless products
Citrix, for interactive sessions on remote machines
cleartext protocols
clients. See wireless clients
cloud computing
defined
Next-Gen solutions
commands, Linux
getting help
networking configuration
running
shell options
communication
checking security of wireless clients
forcing clients to talk to us
sniffing insecure
compliance
confidentiality. See also CIA (Confidentiality, integrity, and availability)
in CIA triad
defined
configuration
changing default settings
default configurations that can be exploited
Connection Request policy
consequences (impact), of vulnerability exploitation
consultants
authentication of
defined
securing access to internal resources
context, in defense
Control And Provisioning of Wireless Points. See CAPWAP (Control And Provisioning of Wireless Points)
controller based access points
Next-Gen solutions
overview of
convenience, security convenience bell curve
core competencies
credentials, FTP
credentials, user
auto-expiring
managing for guest access
CRLs (Certificate Revocation Lists)
overview of
use by Microsoft Certificate Services
cryptographic breaks
D
daemons, Linux
data
cleansing
storing and cracking as convenient
Data Security Standard, PCI (Payment Card Industry)
dBi (decibels isotropic), antenna signal strength measured in
DD-WRT firmware
Debian distribution
BackTrack based on
installing software on BackTrack and
decibels isotropic (dBi), antenna signal strength measured in
default configurations
changing
that can be exploited
default operations, wireless clients and
defending against attacks
assessment of wireless networks
attackers advantage
context and reality in
Defense in Depth
design principles
in existing networks
firewalls
honeypots
IDS/IPS systems
Least Privilege
network segmentation
in new deployments
overview of
refreshing existing network
routers in
switches in
useful (good) defenses
useless defenses
web authentication gateways
Defense in Depth
components of strategy
overview of
demilitarized zone. See DMZ (demilitarized zone)
denial of service attacks
design principles, defending against attacks
detection
automated detection of rogue networks
Defense in Depth
manually detecting rogue networks
of rouge access points
security principles
deterrents
Defense in Depth
security principles
DHCP (Dynamic Host Control Protocol), rogue DHCP attacks
dictionary attacks
dictionary files
digital certificates
authentication using
deploying
digitally signing data using private keys
handling compromised certificates
log onto workstation and obtain user certificate
major fields in
nonrepudiation and
public and private keys in
trust and
X.509 standard and
digital signatures
dir (directory) command
directional antennas
parabolic
yagi
dirty data
D-Link G730AP access point
DMZ (demilitarized zone)
creating internal
with jump stations for guest access
multiple SSIDs and
segmenting guest network from internal network
DNS (Domain Name System)
captive portals and
certificate services supported by
DHCP and
DNS lookup
DNS spoofing attacks
resolution file (resolv.conf)
downloading BackTrack
downtime, dealing with
dual-homed routers
due diligence, in wireless security
DVD drive, booting to BackTrack
DVD players, wireless clients in business environments
Dynamic Host Control Protocol (DHCP), rogue DHCP attacks
E
EAP (Extensible Authentication Protocol). See also PEAP (Protected EAP)
authentication in wireless networks
defined
RADIUS using
EAP-TLS (Extensible Authentication Protocol-Transport Layer Security)
encryption
algorithms in WPA2
applying to wireless networks
attacking WEP
cracking WEP
overview of
stream ciphers vs. block ciphers
of traffic on guest networks
WEP. See WEP (Wired Equivalent Privacy)
wireless networking, basics
WPA. See WPA (Wi-Fi Protected Access)
endpoint security, technical solutions for
ESSID (Extended Service Set Identifier)
defined
overview of
showing from iwlist
of wireless clients
Ethernet interfaces, showing all with ifconfig command
Extended Service Set Identifier. See ESSID (Extended Service Set Identifier)
Extensible Authentication Protocol. See EAP (Extensible Authentication Protocol)
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
F
false negatives
false positives
Farady cages
File Transfer Protocol (FTP)
capturing FTP credentials
cleartext protocols
files, Linux
navigating file system
permissions
find command
firewalls
access control lists
configuring IPTables firewall
creating internal DMZ
multiple SSIDs and
options for terminating VPN connections
overview of
Fluke Networks Airmagnet Enterprise, as dedicated IDS
FMS attack, breaking WEP and
folders, navigating Linux file system
four-way handshake
in WEP authentication
in WPA-PSK
FTP (File Transfer Protocol)
capturing FTP credentials
cleartext protocols
G
G730AP access points, D-Link
Garmin GPSs
gedit program
Global Positioning System (GPS)
Globalsat Bu-353
GPS
Gnome
choosing window manager for BackTrack
graphical environment
GNU Public License
GPOs (Group Policy Objects)
allow pre-logon authentication
applying to Organization Units
configuring wireless clients
creating
securing wireless clients
GPS (Global Positioning System)
grep command
grey box penetration tests
Group Policy
allow pre-logon authentication
Microsoft Certificate Services and
Group Policy Objects. See GPOs (Group Policy Objects)
groups, user administration in Linux
guest access
allowing access to internal resources
authenticating consultants
authentication and credential management
auto-expiring credentials
captive portals
DMZ with jump stations for
encrypting traffic on guest networks
overview of
restricting to guest users only
segmenting guest network from internal network
VPN options for wireless networks
VPNs (virtual private networks)
H
hackers
hash functions
exercise obtaining MD5 hash of simple text file
overview of
heat map, of wireless access points
help command
honeypots
defined
overview of
when to use
Host mode, VPNs (virtual private networks)
Hotspotter, pocket wireless scanner
HTTP (Hypertext Transfer Protocol)
captive portals trapping user HTTP requests
cleartext protocols and
I
IANA (Internet Assigned Numbers Authority)
ICMP (Internet Control Message Protocol)
captive portals and
ICMP redirect attacks
IDS/IPS (intrusion detection system/intrusion protection system)
automated detection of rogue networks
considerations before setting up
dedicated wireless IDS
detection measures in security
managing
monitoring with
Next-Gen solutions
options for receiving network traffic
overview of
when to use and where to place
wireless systems
IEEE (Institute of Electrical and Electronic Engineers)
802.1x (port-based access control)
802.11x wireless standards
IETF (Internet Engineering Task Force)
ifconfig command
IMAP (Internet Mail Access Protocol)
info command
information classification standards
information security
Infrastructure mode, wireless operating modes
infrastructure security
Initialization Vectors. See IVs (Initialization Vectors)
Institute of Electrical and Electronic Engineers (IEEE)
802.1x (port-based access control)
802.11x wireless standards
integrity. See also CIA (Confidentiality, integrity, and availability)
in CIA triad
defined
intercept of a line
intermediate CAs
internal network resources
allowing guest access to
breaches of security
creating internal DMZ
jump stations providing guest access to
restricting access from internal LAN to wireless LAN
restricting access from wireless LAN to internal LAN
securing consultant access to
segmenting guest network from internal network
Internet Assigned Numbers Authority (IANA)
Internet Control Message Protocol (ICMP)
captive portals and
ICMP redirect attacks
Internet Engineering Task Force (IETF)
Internet Mail Access Protocol (IMAP)
Internet Protocol Security (IPSec)
creating VPN tunnels
securing consultant access to internal resources
intrusion detection system. See IDS/IPS (intrusion detection system/intrusion protection system)
intrusion protection system. See IDS/IPS (intrusion detection system/intrusion protection system)
IP addresses
arpwatch monitoring changes to
configuring static
manually detecting rogue networks and
RFC 1918 (private IP addressing)
ipconfig command
iPhones
IPSec (Internet Protocol Security)
creating VPN tunnels
securing consultant access to internal resources
IPTables firewall
IVs (Initialization Vectors)
cracking fails due to insufficient number of
defined
vulnerability of WEP and
WEP keys and
iwconfig command
iwlist command
defined
man page for
output from
J
jump stations, providing guest access to internal resources
K
KDE window manager
Kismac tool
defined
features of
Kismet tool
as dedicated IDS
defined
downloading and installing
features of
main interface
manually detecting rogue networks
startup and logging options
targeting wireless clients
tracing or enumerating MAC address of rogue access point with airodump
viewing packets and captured data
Korek attack, breaking WEP and
L
Layer 2
network segmentation
WEP encryption at
Layer 3
network segmentation and
switches
LDAP (Lightweight Directory Access Protocol)
Least Privilege
principle of
securing wireless network
lightweight access points. See also CAPWAP (Control And Provisioning of Wireless Points); LWAPP (Lightweight Access Point Protocol)
Next-Gen solutions
overview of
Lightweight Directory Access Protocol (LDAP)
Linksys WRT54G access points. See WRT54G access point
Linux OSs
booting to BackTrack
configuring Linux laptop as access point
creating bootable USB drive
daemons
downloading and installing BackTrack
file permissions
Gnome graphical environment
help with commands
installing software on BackTrack
Kismet compatibility with
list of popular distributions
navigating file system
networking configuration
options for terminating VPN connections
overview of
running commands
scripts
shell options
user administration
wireless security and
logging, Kismet options
ls (list) command
LWAPP (Lightweight Access Point Protocol)
cloud-based solutions and
defined
Next-Gen solutions
protocols for lightweight access points
M
MAC (Media Access Control) addresses
arpwatch monitoring changes to
changing with ifconfig command
defined
filtering
manually detecting rogue networks and
overview of
port security and
tracing or enumerating MAC address of rogue access point with airodump
Mac OSs
Kismac tool and
Kismet compatibility with
wireless security and
MacStumbler, manually detecting rogue networks
man command
man-in-the-middle attacks. See MITM (man-in-the-middle) attacks
MD5 (Message Digest Five)
Media Access Control (MAC) addresses. See MAC (Media Access Control) addresses
medical devices, wireless clients in business environments
Meraki cloud-based solutions
Message Digest Five (MD5)
metrics project distance
metrics project timeline
Microsoft Certificate Services
auto-enrollment and certificate templates
overview of
Microsoft Management Console (MMC)
mini access points
mission statements
mitigation, of risk
MITM (man-in-the-middle) attacks
ARP spoofing attacks
attacking public key crypto-secured messages
defined
DNS spoofing attacks
fake antivirus updates
fake web authentication page
ICMP redirect attacks
overview of
Rogue DHCP attacks
SSL MITM and SSL-stripping attacks
SSL MITM attacks
SSL stripping attacks
wireless clients and
MMC (Microsoft Management Console)
mobile hotspots
features of
Verizon 4G LTE
monitor mode, 802.11 traffic
monitoring
access points for malicious use
wireless clients
MS-CHAPv2
N
NAC (Network Access Control)
NAP (Network Access Protection)
NAT (Network Address Translation)
Ad-Hoc mode and
hiding MAC addresses
manually detecting rogue networks
netmask, configuring static IP addresses
Netstumbler
defined
features of
manually detecting rogue networks
tracing or enumerating MAC address of rogue access point with airodump
Network Access Control (NAC)
Network Access Protection (NAP)
Network Address Translation. See NAT (Network Address Translation)
Network mode, VPNs
Network Policy
configuring for WPA2-Enterprise network
resetting
restricting network access based on time
Network Policy and Access Services role
installing
installing RADIUS server and
Network Policy Server. See NPS (Network Policy Server)
network segmentation
in defense of wireless networks
firewalls in
routers in
securing WPA2-Enterprise network
separating guest network from internal network
switches in
network sniffers
decoding cleartext protocols
overview of
Networking: A Beginner's Guide (Hallberg)
networking configuration, Linux OS
Next-Gen solutions
cloud-based solutions
dedicated wireless IDS
lightweight solutions
overview of
nonce value (pseudo random numbers), four-way handshake in WPA and
nonrepudiation, digital certificates and
NPS (Network Policy Server)
client access denied
configure RADIUS server as
restarting as troubleshooting step
O
objective desired direction
OCSP (Online Certificate Status Protocol)
offshoring
OLAP (online analytical processing)
omnidirectional antennas
one-way hash
online analytical processing (OLAP)
Online Certificate Status Protocol (OCSP)
open authentication, WEP support for
open source, Linux OS as
open wireless network, concerns related to
operating systems. See also by individual types
orchestration
Organization Units. See OUs (Organization Units)
organizationally unique identifier (OUI), of MAC address
OUI (organizationally unique identifier), of MAC address
OUs (Organization Units)
apply Group Policy Object to
configuring wireless clients and
creating for wireless network
outsourcing
P
packet injection attacks, attacks on WEP
packets
capturing client packets
passive packet capture
panels, Gnome
parabolic antennas
parallel deployment, of new wireless network
passphrase, cracking WPA
passwd file, user administration in Linux
passwords
authenticating guest users
brute force attacks on
hashing algorithm for storing encrypted value of
PATH variable, running Linux commands and
PCAP file
PCI (Payment Card Industry), Data Security Standard
PDAs
PEAP (Protected EAP)
applying authentication to wireless networks
bad RADIUS authenticator
choosing authentication method for wireless network
client access denied
configuring wireless clients and
defined
restarting NPS Service
troubleshooting
penetration tests
defined
types of
vs. vulnerability assessment
permissions, Linux file
physical security
assessment of
of wireless clients
pipe (|), running Linux commands and
PKI (Public Key Infrastructure)
asymmetric encryption in
defined
overview of
Public Key Cryptography and
trust and
pocket wireless scanners
Point-to-Point Protocol. See PPTP (Point-to-Point Protocol)
POP3 (Post Office Protocol)
portable hotspots
ports
preventing rogue wireless networks
restricting network access and
Post Office Protocol (POP3)
power management systems
PPTP (Point-to-Point Protocol)
creating VPN tunnels
defined
VPN to Windows server
prevention
Defense in Depth
failure of
principle of
rouge wireless networks
prioritization
private IP addressing (RFC 1918)
private keys
in asymmetric encryption
sending secure messages
probability, of vulnerability exploitation
Probe-Request packets
Probe-Response packets
probes
Kismet
in wireless reconnaissance
project management
project scope
promiscuous mode, packet capture in
Protected EAP. See PEAP (Protected EAP)
protocol analyzers
pseudo random numbers (nonce value), four-way handshake in WPA and
PSK (pre-shared keys)
applying authentication to wireless networks
authenticating guest users
cracking WPA
encrypting guest traffic
securing wireless network
WEP keys
WPA
PTW attack, breaking WEP and
public key (asymmetric) encryption
Public Key Cryptography
attacking public key crypto-secured messages
digital signature process
example sending a secure message
hash functions and
symmetric and asymmetric algorithms
Public Key Infrastructure. See PKI (Public Key Infrastructure)
public keys
in asymmetric encryption
obtaining from CA (Certificate Authority)
sending secure messages
Q
QoS (quality of service), attacks on TKIP and
qualitative costs, in calculating risk
quantitative costs, in calculating risk
quartiles
R
RADIUS (Remote Authentication Dial-In User Service)
authentication against Active Directory
for authentication with VPN appliances
client access denied
configure RADIUS server
defined
overview of
troubleshooting bad RADIUS authenticator
using with 802.1x port-based access control
rainbow table attacks
RASCI (Responsible, Approver, Supporter, Consultant and Informed)
RBAC (Role-Based Access Control)
authenticating guest users
defined
RC4 cipher
TKIP using
use in security protocols
in WEP authentication
RDP (Remote Desktop Protocol)
reality, in defense
related-key attack, breaking WEP and
Remote Authentication Dial-In User Service. See RADIUS (Remote Authentication Dial-In User Service)
Remote Desktop Protocol (RDP)
Remote Switch Port Analyzer (RSPAN)
defined
port-mirroring and
remote wireless networks, securing
resolv.conf (resolution file), DNS
Responsible, Approver, Supporter, Consultant, and Informed (RASCI)
return on investment. See ROI (return on investment)
RFC (Request for Comment)
RFP (Request for Proposal)
risk matrix
risks
calculation of
impossibility of eliminating all
not all risks must be mitigated
Rogue DHCP attacks
ROI (return on investment)
balancing risk against
defined
not applicable to security
rouge access points
802.1x (port-based access control)
assessment of
automated detection of
detecting
handling
manual detection of
NAC (Network Access Control) and
overview of
port security and
preventing
tracing
route command, manipulating routing table with
routers
dual-homed
options for terminating VPN connections
overview of
RSPAN (Remote Switch Port Analyzer)
defined
port-mirroring and
S
sacred cows
satellite dish, as parabolic antenna
scanning option, iwlist
scripts, Linux OS
Secure Hash Algorithm (SHA)
Secure Shell. See SSH (Secure Shell)
Secure Sockets Layer. See SSL (Secure Sockets Layer)
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
security cameras, wireless clients in business environments
security compromises, internal vs. external
security principles
CIA (Confidentiality, integrity, and availability)
Defense in Depth
impossibility of eliminating all risk
Least Privilege
not all risks must be mitigated
not just about keeping the bad guys out
overview of
prevention, detection, and deterrents
prevention fails
risk calculation and mitigation controls
ROI not applicable to risk
security vs. convenience
Service Set Identifiers. See SSIDs (Service Set Identifiers)
SHA (Secure Hash Algorithm)
shared-key (symmetric) encryption
shared-key authentication
shell options, Linux OS
Simple Mail Transfer Protocol (SMTP)
slope of a line
small office/home office (SOHO)
smartphones
SMTP (Simple Mail Transfer Protocol)
sniffers
defined
sniffing insecure communications
social engineering
software, installing on Linux OSs
SOHO (small office/home office)
SPAN (Switch Port Analyzer)
defined
monitoring access points for malicious use
port-mirroring and
spectrum analyzers
SSH (Secure Shell)
creating VPN tunnels
for interactive sessions on remote machines
restricting access from internal LAN to wireless LAN
SSID cloaking
overview of
useless strategies in defending wireless networks
using Kismet to find cloaked network
SSIDs (Service Set Identifiers)
adding multiple for single access point
defined
overview of
rainbow table attacks and
SSL (Secure Sockets Layer)
circumventing or breaking
defined
MITM attacks and
SSL-stripping attacks
SSL MITM attacks
SSL stripping attacks
SSL-stripping attacks
SSL/TLS (Secure Sockets Layer/Transport Layer Security)
stakeholders
stream ciphers
vs. block ciphers
RC4 cipher. See RC4 cipher
subnets, restricting network access and
subordinate CAs
supplicants, 802.1x
Switch Port Analyzer. See SPAN (Switch Port Analyzer)
switches
as 802.1x authenticator
Layer
network segmentation and
overview of
showing MAC addresses
symmetric algorithms
T
TCP ports, restricting network access and
Tcpdump, Android OS and
televisions, wireless clients in business environments
Temporal Key Integrity Protocol. See TKIP (Temporal Key Integrity Protocol)
test lab, creating
text editor, gedit program as
Thawte
threat analysis
time, restricting network access based on
TJX Companies, hacking example
TKIP (Temporal Key Integrity Protocol)
attacking
defined
encryption methods in WPA
WPA based on
TLS (Transport Layer Security)
defined
SSL/TLS
Transport Layer Security (TLS)
defined
SSL/TLS
Trojan viruses
trunks, VLAN
Trusted Root Certification Authorities Store
U
Ubuntu, Linux OS options
UDP ports, assigned to RADIUS
UNetbootin, making bootable USB drive
USB drive, bootable USB drive for Linux OS
users
access restrictions in WPA2-Enterprise network
administration, Linux OS
creating user groups for wireless network
educating
specifying user groups for access policies
V
VeriSign
virtual local area networks. See VLANs (virtual local area networks)
virtual private networks. See VPNs (virtual private networks)
viruses
VLANs (virtual local area networks)
defined
dividing physical switch into logical switches
MAC addresses associated with
multiple SSIDs and
NAC (Network Access Control) and
network segmentation and
VPN appliances
VPN gateways (concentrators)
VPNs (virtual private networks)
defined
between gateway devices
Host and Network modes
jump stations compared to
options for wireless networks
overview of
protocols for creating VPN tunnels
vulnerabilities
assessment vs. penetration tests
consequences and probabilities
factors exacerbating client vulnerabilities
of wireless clients
W
Wardrive app
defined
features of
wardriving
defined
overview of
pocket wireless scanners and
in wireless reconnaissance
web authentication gateways
web authentication page, faking
WEP (Wired Equivalent Privacy)
attacking WEP encrypted networks
authentication and
cracking WEP encryption
defined
history of breaking
how it works
support in 802.11b
useless in defending wireless networks
WEP cloaking
WEP key
attempt to crack
cracking
white box tests, types of penetration tests
Wicd program
configuring wireless and wired interfaces
for graphical network configuration
Wi-Fi Protected Access. See WPA (Wi-Fi Protected Access)
Wi-Fi Protected Setup (WPS), brute force attacks
window managers (WMs), choosing for BackTrack
Windows OSs
configuring wireless clients and
guest account privileges
interactive sessions on remote machines
Kismet compatibility with
Netstumbler and
securing wireless clients
smartphones and
wireless security and
Windows servers
install Active Directory Certificate Services on
installing NPS on
options for terminating VPN connections
Wired Equivalent Privacy. See WEP (Wired Equivalent Privacy)
wireless clients
airodump for targeting
capturing packets
configuring for WPA2-Enterprise network
configuring Linux laptop to act as an access point
default operations and
DNS spoofing attacks
factors exacerbating vulnerabilities of
fake antivirus updates
fake web authentication page
forcing communication with
GPOs for securing
Kismet targeting
MITM (man-in-the-middle) attacks
phones and printers as client devices
protecting
sniffing insecure communications
SSL MITM attacks
SSL stripping attacks
technical solutions for endpoint security
troubleshooting access denied problem
types of wireless devices
user education and
vulnerabilities of
wireless reconnaissance and
wireless devices, types of
wireless LANs (WLANs)
restricting access from internal LAN to wireless LAN
restricting access from wireless LAN to internal LAN
wireless networking, basics
802.11x wireless standards
access points
association and authentication
autonomous vs. controller-based access points
beacons and broadcasts
encryption
identifiers (SSID, BSSID, and MAC addresses)
overview of
wireless personal area networks (WPANs)
wireless reconnaissance
active and passive
iwlist command for
Kismac tool
Kismet tool for
Netstumbler
overview of
Wardrive app
wireless clients and
wireless technologies
cloud-based solutions
dedicated wireless IDS
impacting organizational security
lightweight solutions
Next-Gen solutions
wireless test lab, creating
wireless tools/gadgets
antennas
client devices
GPS units
operating systems
overview of
pocket wireless scanners
smartphones and PDAs
spectrum analyzers
types of access points
Wireshark
capturing client packets
capturing FTP credentials
Wi-Spy spectrum analyzer by Metageek
WLANs (wireless LANs)
restricting access from internal LAN to wireless LAN
restricting access from wireless LAN to internal LAN
WMs (window managers), choosing for BackTrack
wordlists, dictionary attacks
workflows
WPA (Wi-Fi Protected Access)
attacking WPA protected networks
authenticating guest users in WPA-Enterprise
cracking WPA passphrase
cracking WPA pre-shared key
defined
encryption methods in
how it works
WPA deauthentication spoofing
WPA denial of service
WPS brute forcing
WPA2
encrypting guest traffic
encryption algorithms
versions of WPA
WPA-PSK compared with WPA2-Enterprise
WPA2-Enterprise network, architecture of
802.1x and
attacking public key crypto-secured messages
authentication using digital certificates
Certificate Authority server structure
deploying
digital signature process
handling compromised certificates
hash functions and
introduction to
Microsoft Certificate Services and
obtaining public keys from Certificate Authority
PKI and
public and private keys for sending secure messages
RADIUS and
services supporting Certificate services
symmetric and asymmetric algorithms
WPA2-Enterprise network, configuring
configure access points
configure RADIUS server as Network Policy Server
configure wireless clients
overview of
WPA2-Enterprise network, deploying
allow pre-logon authentication
authenticate network
configure access point
configure certificate template and auto-enrollment
configure RADIUS server
create and issue certificate templates
create Group Policy Object and apply to Organizational Unit
create Organization Units and users group
install Active Directory Certificate Services
install and configure CA
log onto workstation and obtain user certificate
overview of
WPA2-Enterprise network, securing
adding multiple SSIDs for single access point
creating internal DMZ
firewall access lists
network segmentation
overview of
remote networks and
restricting access based on time
restricting access from internal LAN to wireless LAN
restricting access from wireless LAN to internal LAN
restricting user access
WPANs (wireless personal area networks)
WPA-PSK
authenticating guest users
encrypting guest traffic
overview of
WPA2-Enterprise compared with
WPS (Wi-Fi Protected Setup), brute force attacks
WRT54G access points
configuring
overview of
X
X terminal, Gnome
X.500 standard
X.509 standard
Y
yagi antennas
Z
Zigbee
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.