
Tuesday, August 24, 2010

Wi-Fi Myth Busters Series – Episode 3

Figure 1

Myth # 6 : Captive Portals are an effective way to prevent unauthorized users

When WPA/WPA2 cannot be used, some organizations such as airports, hotels, shopping malls and universities tend to use captive portals for authentication. A captive portal restricts access until a user authenticates through a web interface (refer to Figure 2). In reality, a captive portal provides Layer 2 security: it places an authenticated user’s MAC address in a pool of authorized MAC addresses until the user logs off, so it can be considered a dynamic MAC filter. But how many utilities are there on the market to spoof MAC addresses? So is it as safe as people think?

Asiri’s Experience : When I was doing our rogue access point detection project, I could change the MAC of my laptop easily using ‘ifconfig wlan0 hw ether 00:XX:XX:XX:XX:XX’.

Figure 2

As WPA/WPA2 is supported by most wireless devices, the best solution is to use it with a personal passphrase. Even though WPA has some known security flaws, it is of course more secure than a captive portal.
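The following is an added example, not code from the original post, that models the Layer 2 authorization described above: a hypothetical captive portal (not any vendor’s product) allow-lists the authenticated client’s MAC address and forwards traffic on the basis of that MAC alone. The credentials and the association log are constructed for the example. The check at the end is what a network operator can look for in DHCP or association records to notice the risk the post describes: one authorized MAC address showing up with more than one client identity while the session is open.

```python
"""Toy model of a captive portal's Layer 2 authorization, plus a log check.

Added example, not from the original post.  The portal is hypothetical and
the credentials and association log are constructed.  It shows the point the
post makes: the forwarding decision is keyed on the client MAC address only,
so the portal is a dynamic MAC filter.  shared_mac_identities() flags the
observable side effect: one allow-listed MAC seen with several identities.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field

# Constructed user database standing in for the portal's RADIUS/LDAP backend.
CREDENTIALS = {"alice": "correct horse battery staple"}


@dataclass
class CaptivePortal:
    """Dynamic MAC filter: a MAC is allow-listed from login until logoff."""

    allowed: set[str] = field(default_factory=set)

    def login(self, mac: str, username: str, password: str) -> bool:
        # Web-form authentication; on success only the MAC is remembered.
        if CREDENTIALS.get(username) != password:
            return False
        self.allowed.add(mac.lower())
        return True

    def logoff(self, mac: str) -> None:
        self.allowed.discard(mac.lower())

    def forwards(self, mac: str) -> bool:
        # The per-frame decision: nothing but the source MAC ties a frame to
        # the person who typed the password.
        return mac.lower() in self.allowed


# Constructed association/DHCP records: (time, mac, ip, dhcp_hostname).
ASSOCIATION_LOG = [
    ("10:00:01", "00:11:22:33:44:55", "10.0.0.21", "alice-laptop"),
    ("10:00:09", "aa:bb:cc:dd:ee:01", "10.0.0.22", "bob-phone"),
    ("10:12:40", "00:11:22:33:44:55", "10.0.0.21", "alice-laptop"),
    ("10:15:03", "00:11:22:33:44:55", "10.0.0.37", "unknown-host"),
]


def shared_mac_identities(log):
    """Map each MAC seen with more than one (ip, hostname) identity to them.

    An allow-listed MAC that appears with a second identity during the
    session is the tell-tale an operator can alert on.
    """
    seen = defaultdict(set)
    for _time, mac, ip, hostname in log:
        seen[mac.lower()].add((ip, hostname))
    return {mac: ids for mac, ids in seen.items() if len(ids) > 1}


def demo():
    portal = CaptivePortal()
    ok = portal.login("00:11:22:33:44:55", "alice", "correct horse battery staple")
    alice_forwarded = portal.forwards("00:11:22:33:44:55")
    other_forwarded = portal.forwards("aa:bb:cc:dd:ee:01")
    suspicious = shared_mac_identities(ASSOCIATION_LOG)
    portal.logoff("00:11:22:33:44:55")
    after_logoff = portal.forwards("00:11:22:33:44:55")
    return ok, alice_forwarded, other_forwarded, suspicious, after_logoff


if __name__ == "__main__":
    print(demo())
```

The check is deliberately simple and only catches the case where the second identity differs in IP address or hostname; it is a detection aid, not a replacement for the WPA/WPA2 recommendation made above.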

Myth # 7 : Disabling SSID broadcast may protect the network from intruders.

By disabling SSID broadcast, the network stays hidden from users, and whenever a user wants to connect, he has to enter the parameters manually rather than having the network auto-detected. When devices are connected to an access point, they constantly probe for other networks with the same SSID for roaming purposes. Surprisingly and unfortunately, the responses from the APs are sent in clear text.

Asiri’s Experience : I could reveal hidden SSID networks by using the Kismet wireless sniffer within a few seconds. Kismet is not the only tool which can be used for that task.

So the moral of the story is that the SSID is hidden only as long as the network is dead.
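To make the previous two paragraphs concrete, here is an added example (not code from the original post) that decodes the information elements of constructed 802.11 management frames. An information element is type-length-value (one byte element ID, one byte length, value), and element ID 0 is the SSID; those facts are standard 802.11, while the network name ‘CampusNet’, the rates and the channel are made up for the example. It shows that a hidden-SSID beacon merely carries an empty SSID element, while the probe request and probe response exchanged when a known client connects carry the name in the clear.

```python
"""Parse the information elements (IEs) of constructed 802.11 management
frames to show what 'hiding' the SSID changes on the air.

Added example, not from the original post.  An IE is type-length-value:
1 byte element ID, 1 byte length, then the value; element ID 0 is the SSID.
Only the IE lists are built here (fixed header fields omitted), and the
network name 'CampusNet', the rates and the channel are made up.
"""
from __future__ import annotations

SSID_ID = 0             # element ID of the SSID IE
SUPPORTED_RATES_ID = 1
DS_PARAMETER_ID = 3     # carries the channel number


def build_ie(element_id: int, value: bytes) -> bytes:
    """Encode one information element."""
    if len(value) > 255:
        raise ValueError("IE value too long")
    return bytes([element_id, len(value)]) + value


def parse_ies(body: bytes) -> list:
    """Decode a concatenated IE list into [(element_id, value), ...]."""
    ies, i = [], 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated IE header")
        element_id, length = body[i], body[i + 1]
        value = body[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated IE value")
        ies.append((element_id, value))
        i += 2 + length
    return ies


def ssid_from_ies(ies) -> str | None:
    """Return the SSID, or None when the frame carries a hidden SSID.

    A hidden-SSID beacon still contains the SSID IE, but with a zero length
    or a run of NUL bytes: the name is absent from that frame, not protected.
    """
    for element_id, value in ies:
        if element_id == SSID_ID:
            if value.strip(b"\x00") == b"":
                return None
            return value.decode("utf-8", errors="replace")
    return None


COMMON_IES = (
    build_ie(SUPPORTED_RATES_ID, bytes([0x82, 0x84, 0x8B, 0x96]))
    + build_ie(DS_PARAMETER_ID, bytes([6]))
)

# Constructed frames for a network configured with 'SSID broadcast' disabled.
HIDDEN_BEACON = build_ie(SSID_ID, b"") + COMMON_IES
# Some APs pad the hidden SSID with NULs to the real length instead.
NUL_PADDED_BEACON = build_ie(SSID_ID, b"\x00" * 9) + COMMON_IES
# A client that already knows the network asks for it by name ...
PROBE_REQUEST = build_ie(SSID_ID, b"CampusNet") + build_ie(
    SUPPORTED_RATES_ID, bytes([0x82, 0x84, 0x8B, 0x96])
)
# ... and the AP answers with the name in the clear.
PROBE_RESPONSE = build_ie(SSID_ID, b"CampusNet") + COMMON_IES


def ssid_per_frame() -> dict:
    """SSID as seen by anyone parsing each frame type."""
    frames = {
        "beacon (hidden)": HIDDEN_BEACON,
        "beacon (NUL padded)": NUL_PADDED_BEACON,
        "probe request": PROBE_REQUEST,
        "probe response": PROBE_RESPONSE,
    }
    return {name: ssid_from_ies(parse_ies(body)) for name, body in frames.items()}


if __name__ == "__main__":
    for name, ssid in ssid_per_frame().items():
        print(f"{name:22s} -> {ssid!r}")
```

The takeaway for a defender is the one the post reaches: the hidden SSID is an inventory convenience at best, and the access control has to come from WPA/WPA2, not from the name being absent from beacons.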

References

Miller, B & Hill, G 2006, ‘Eleven Myths about 802.11 Wi-Fi Networks’, Expert Reference Series of White Papers, 18 August, pp. 5-6, Global Knowledge Training LLC, viewed 23 August 2010

‘Figure 1’ [image] in 2009, ‘The second day of the School on Low Cost Wireless’, school2009, viewed 23 Aug 2010, http://wireless.ictp.it/groups/school2009/wiki/8d8fe/Group_Two's_-_Day_Two.html

‘Figure 2’ [image], ‘Captive Portal Guideline’, Wireless LAN service in UM, viewed 23 Aug 2010, http://ictoinfo.umac.mo/wireless/portal.html

The previous episode of this series was posted on 16th Aug 2010 and can be found easily here.

Sunday, August 22, 2010

Please help keep your favourite blog live and rich with content!!!

It would be very helpful if you gave your feedback on any post, or about this blog, using any of the following methods:

1. Post a comment by clicking on the "x comments" link under each and every post
2. Follow using your Gmail account. Use the "Followers" panel at the right side of the blog.
3. Follow using Twitter. Use the "Twitter Updates" panel at the right side of the blog.
4. Directly contact Asiri by email: support@asirirajapakse.com

Your feedback may help Asiri to post more valuable articles, fine-tuned to your choices. Thank you for visiting Asiri's Blog.

Have you ever used the /, + and – IOS commands in a router?

These commands are similar to last week’s | command, but they can be used to filter the output several times within a single show command. This is very handy in situations where you have to search for a particular portion of text in a lengthy output.

/ : Displays output starting from the next entry of the search text

+ : Displays the lines of output which contain the search text

- : Displays the lines of output which do not contain the search text

Examples

Sh run --> /bgp : output starting from “bgp”

Sh run --> +interface : output lines containing “interface”

Sh run --> -line : output lines without “line”



As usual, keep in touch with ‘Asiri’s Blog’ for more cool tutorials and tips like this. Do not forget to follow this using your Google account and comment as well.

Monday, August 16, 2010

Bill Gates' Last Day at Microsoft

This time it is the well-known Bill Gates. May this become a tribute to the great man who spent his last full-time day at Microsoft Corporation on 27 June 2008. Now he serves as 'non-executive' chairman, while Steve Ballmer has acted as CEO since January 2000. [1,2]



References

[1] Bill Gates, Wikipedia, viewed 16 Aug 2010, < http://en.wikipedia.org/wiki/Bill_Gates >

[2] Steve Ballmer, Wikipedia, viewed 16 Aug 2010, < http://en.wikipedia.org/wiki/Steve_Ballmer >

As always, stay tuned with Asiri's Blog and feel free to comment on any post which you find interesting ...

Wi-Fi Myth Busters Series – Episode 2

Figure 1

Myth # 5 : Even with 802.11i (WPA2), a VPN is still needed in order to provide enterprise-level security to a wireless network.

IPSec and SSL VPNs are well-known solutions for protecting networks linked over WAN connections, so people may choose the same to protect their wireless networks too. WPA fixed the flaws of WEP by introducing TKIP, with 802.1X/EAP or WPA-PSK as secure authentication methods. Unfortunately, TKIP is based on the same cipher as WEP (RC4). When WPA2 was released, it came with CCMP (Counter Mode CBC-MAC Protocol) encryption. The cipher used in CCMP is AES, which is considered the strongest among those used by IPSec VPNs. The end result is that WPA2 provides the same strong encryption as IPSec VPNs.

But, surprisingly, WPA-PSK and 802.1X/EAP-LEAP authentication are both vulnerable to brute-force attacks. Even though vulnerable WPA2 authentication methods do exist, secure methods exist too, such as EAP-TLS, EAP-TTLS or PEAP, which keep the credentials secure using tunnelling similar to SSL. In that way it satisfies the WPA2 Enterprise standard. WPA2 Enterprise secures the wireless link at Layer 2; if Layer 3 technologies such as IPSec were added to protect it as well, the network would become less scalable and manageable.

So this myth can also be taken as partially correct.

References

Miller, B & Hill, G 2006, ‘Eleven Myths about 802.11 Wi-Fi Networks’, Expert Reference Series of White Papers, 18 August, pp. 4-5, Global Knowledge Training LLC, viewed 15 August 2010

‘Figure 1’ [image] in 2009, ‘The second day of the School on Low Cost Wireless’, school2009, viewed 15 Aug 2010, http://wireless.ictp.it/groups/school2009/wiki/8d8fe/Group_Two's_-_Day_Two.html

The previous episode of this series was posted on 8th Aug 2010 and can be found easily in this blog. To be continued…

Sunday, August 15, 2010

Have you ever used the | (pipe) IOS command in a router?

This is a really cool way to filter the text output of show commands on Cisco routers. Please note that the expressions you type with | commands are case sensitive (typing serial0/1 instead of Serial0/1 will not work). In this tutorial a Cisco 3640 router has been used. Some | commands are not available on some routers, depending on the IOS version and model.

Type ‘show run | ?’ in order to see the available commands. Refer to figure 1.

Figure 1

The following ‘show run’ output has been used to explain the commands ‘append, begin, redirect, section and tee’. Refer to figure 2.

Figure 2

Append

This command appends the output of a show command to an existing file somewhere (e.g. ftp, nvram). Issue ‘sh run | append ?’ to see the supported formats. Then issue ‘sh run | append <path to existing file>’. Refer to figure 3.

Figure 3

Begin

This command displays the output starting from the line that matches the given expression. As an example, if you want to display all lines starting from ‘Serial’ in the show run output, the command should be issued as ‘sh run | begin Serial’. Again, remember that expressions are case sensitive. Refer to figure 4.

Figure 4

Tee

This command is similar to the ‘append’ command, but it creates a new file at the given destination. Issue ‘sh run | tee ?’ to see the supported formats. Then issue ‘sh run | tee <path to new file>’. The output is also displayed on the console at the same time. Refer to figure 5.

Figure 5

Redirect

This command is similar to the ‘tee’ command, but the output is not displayed on the console at the same time. Issue ‘sh run | redirect ?’ to see the supported formats. Then issue ‘sh run | redirect <path to new file>’. Refer to figure 6.

Figure 6

Section

This command displays a particular section of a show command’s output. As an example, the section relevant to an interface in the show run output can be viewed with ‘sh run | section <interface name>’. Refer to figure 7.

Figure 7

The following ‘show ip route’ output has been used to explain the commands ‘include and exclude’. Please note that there are 2 ‘BGP’ routes and 3 ‘Connected’ routes in figure 8.

Figure 8

Include

This command displays the lines which include the given expression. As an example, ‘sh ip ro | include B’ filters out and displays all BGP routes. Again, remember that expressions are case sensitive. Instead of characters you can use numbers such as IP addresses too. Refer to figure 9.

Figure 9

Exclude

This command displays the lines which do not include (exclude) the given expression. As an example, ‘sh ip ro | exclude B’ filters out and displays all routes except BGP routes. Again, remember that expressions are case sensitive. Refer to figure 10.

Figure 10

Hope you learned something new and valuable today. Make sure you practice these commands in order to learn where to apply them correctly.
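For readers without a router at hand, here is an added example (not code from this post, the earlier ‘/, + and –’ post, or Cisco) that emulates the text filters both posts describe over a constructed ‘show running-config’ output. The functions approximate ‘begin’, ‘include’, ‘exclude’ and ‘section’, and apply_filters() chains them so the same output can be narrowed several times, which is how the earlier post describes ‘/’, ‘+’ and ‘-’. As on IOS, the expression is a case-sensitive regular expression. The hostname, interfaces and addresses in the sample output are made up.

```python
"""Emulate IOS output filters over a constructed 'show running-config'.

Added example, not from the original posts and not Cisco code.  begin,
include, exclude and section are approximated; '/', '+' and '-' are mapped
to begin, include and exclude and applied in sequence.  Matching is a
case-sensitive regular expression search, as the posts stress.
"""
import re

# Constructed sample output; hostname and addresses are fictitious.
SHOW_RUN = """\
hostname R1
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface Serial0/1
 ip address 10.1.1.1 255.255.255.252
 encapsulation ppp
!
router bgp 65001
 neighbor 10.1.1.2 remote-as 65002
!
line vty 0 4
 login
!
end"""


def ios_include(output: str, expr: str) -> str:
    """'| include': only the lines matching the expression."""
    return "\n".join(l for l in output.splitlines() if re.search(expr, l))


def ios_exclude(output: str, expr: str) -> str:
    """'| exclude': only the lines NOT matching the expression."""
    return "\n".join(l for l in output.splitlines() if not re.search(expr, l))


def ios_begin(output: str, expr: str) -> str:
    """'| begin': everything from the first matching line onwards."""
    lines = output.splitlines()
    for i, line in enumerate(lines):
        if re.search(expr, line):
            return "\n".join(lines[i:])
    return ""


def ios_section(output: str, expr: str) -> str:
    """'| section': each matching line plus the indented lines that follow it.

    IOS groups a configuration block by indentation; this reproduces that
    for the common case of a block header at column 0 (an approximation).
    """
    lines, out, i = output.splitlines(), [], 0
    while i < len(lines):
        if re.search(expr, lines[i]):
            out.append(lines[i])
            i += 1
            while i < len(lines) and lines[i].startswith(" "):
                out.append(lines[i])
                i += 1
        else:
            i += 1
    return "\n".join(out)


# '/', '+' and '-' narrow the output the same way begin/include/exclude do.
PREFIX_FILTERS = {"/": ios_begin, "+": ios_include, "-": ios_exclude}
PIPE_FILTERS = {"begin": ios_begin, "include": ios_include,
                "exclude": ios_exclude, "section": ios_section}


def apply_filters(output: str, specs) -> str:
    """Apply filters in order, e.g. ["/bgp", "+neighbor"] or ["| section Serial"]."""
    for spec in specs:
        spec = spec.strip()
        if spec and spec[0] in PREFIX_FILTERS:
            output = PREFIX_FILTERS[spec[0]](output, spec[1:])
        elif spec.startswith("|"):
            name, _, expr = spec[1:].strip().partition(" ")
            output = PIPE_FILTERS[name](output, expr)
        else:
            raise ValueError(f"unknown filter: {spec!r}")
    return output


if __name__ == "__main__":
    print(apply_filters(SHOW_RUN, ["| section Serial0/1"]))
    print("---")
    print(apply_filters(SHOW_RUN, ["/bgp", "+neighbor"]))
```

Try ios_include(SHOW_RUN, "serial0/1") against ios_include(SHOW_RUN, "Serial0/1") to see the case-sensitivity point from the post: the lowercase expression matches nothing.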

As usual, keep in touch with ‘Asiri’s Blog’ for more cool tutorials and tips like this. Do not forget to follow this using your Google account and Twitter as well.

Sunday, August 8, 2010

"Geek Rap" of the week - 2

This time only one intern. Really funny and creative!



Stay tuned.......!!!

Wi-Fi Myth Busters Series – Episode 1

Figure 1

Myth # 1 : Wi-Fi stations are vulnerable to attacks just by leaving their Wi-Fi adapters enabled.

It is partially correct. Unknown Wi-Fi device drivers may be present which lead to such attacks. And if the end user is so dumb and careless, it is possible as well. (The common factor with any kind of attack is user unawareness.)

But, to communicate with another machine, Data Link (Layer 2) connectivity must be operational. So it is impossible for an attacker to gain peer-to-peer access without establishing Layer 2 connectivity first.

Myth # 2 : Isolated stations are vulnerable to “Rogue Access Points”, and already associated stations are secretly hijacked by “Rogue Access Points”.

Both cases are partially correct. Specifically, unassociated stations which are controlled by client-side Wi-Fi utilities and maintain a ‘Preferred Networks List’ are vulnerable. If the attacker brings up an AP (Access Point) with a non-encrypted SSID which is in the station’s 'Preferred Networks List', the station will connect to that attacker’s AP.

Asiri’s Experience : This Rogue Access Points topic was a hot topic during my masters’ final group project period. If I add something more to the above paragraph, an already associated station is vulnerable if the RAP’s (Rogue Access Point) signal strength is higher than the legitimate AP’s signal strength. And also, to attack successfully, the end station’s Wi-Fi adapter should be restarted and re-associated with its preferred network in the list, which leads it to connect with the RAP. It was tested by my team (Asiri, Roger, Sharan, Prashanth, and Prasad) and the viable solution we came up with can be seen on my ‘LinkedIn’ profile by its registered users.

Other solutions for hijacking attacks:

  • Removing all non-encrypted SSIDs from the preferred list would work, but it is not practical, as the utility saves such poor configurations automatically whenever the user connects with one.
  • A simple but practical solution is to disable the wireless adaptor when it is not in use.
  • The user’s wireless station can be disconnected automatically when it is connected to a wired network by using applications such as “NetOaats”. It can be configured to work the other way around as well (wired --> wireless).
  • Another state-of-the-art solution is to use wireless client isolation security protocols such as Cisco’s PSPF (Public Secure Packet Forwarding). It prevents clients connected to the same AP from accessing one another directly. It is recommended to implement such protocols in free public Wi-Fi hot spots.

Figure 2

Myth # 3 : Stations get connected to ad-hoc (peer-to-peer) Wi-Fi networks with the same SSID as an Access Point.

It is also partially correct. Beacon frames always indicate whether the sender is AP based (BSS) or ad-hoc (IBSS) based. So it is impossible to connect like that.

Asiri’s Experience : But my project team demonstrated that it is ‘possible’ to make a peer-to-peer-like association with another laptop which runs Ubuntu with the wireless card’s mode set to “Master mode”. So the laptop itself acted as a rogue “AP” which appeared as a real access point (BSS) in the victim’s visible wireless networks list. So it is possible as well. Our solution was smart enough to detect such vulnerabilities as well.

Myth # 4 : Stations connect with any access point in the vicinity if their Wi-Fi adapter is left enabled.

Some legacy client utilities had that flaw, but modern utilities are smart enough to connect with the SSIDs that are configured with secure parameters in the preferred networks list.

Conclusion

Users are vulnerable if the following conditions are met:

Figure 3

References

Miller, B & Hill, G 2006, ‘Eleven Myths about 802.11 Wi-Fi Networks’, Expert Reference Series of White Papers, 18 August, pp. 2-4, Global Knowledge Training LLC, viewed 8 August 2010

‘Figure 1’ [image] in 2009, ‘The second day of the School on Low Cost Wireless’, school2009, viewed 8 Aug 2010, http://wireless.ictp.it/groups/school2009/wiki/8d8fe/Group_Two's_-_Day_Two.html

‘Figure 2’ [image] in Ironic1 2008, ‘Geek Prom - WiFi Ready?’, perfectduluthday, viewed 8 Aug 2010, http://archive.perfectduluthday.com/2008/03/

To be continued… Stay tuned with Asiri’s Blog

Friday, August 6, 2010

Who are the “real” founders of Public Key Cryptography?

Figure 1

In a nutshell, public-key cryptography uses asymmetric algorithms in communication devices such as computers and mobile equipment to encrypt and decrypt messages. The algorithm on the sender's end uses a code, or key, to encrypt a message, and the recipient uses a different key to decrypt it, which is what “asymmetric” refers to.

As most people already know, the founders of public key technology are the researchers at Stanford and MIT who discovered it in 1976. More specifically, they are Whitfield Diffie, Martin Hellman, and Ralph Merkle. [1] Later on, their invention was named the “Diffie-Hellman Key Exchange”. Although in 2002 Hellman suggested the algorithm should be called the Diffie-Hellman-Merkle key exchange, it is still used without Merkle’s name in most cases. Actually, that is not the question. [2]

Figure 2 - Left to Right : Merkle, Hellman and Diffie

In the early 1970s, British researchers named James Ellis, Clifford Cocks, and Malcolm Williamson invented public-key cryptography while working at a British intelligence agency, the Government Communications Headquarters (GCHQ), in Cheltenham, England. But surprisingly they kept it secret for nearly 25 years and finally broke the news in 1997. Unfortunately, Ellis died before he could enjoy the public recognition of it. [2]

Figure 3 - Malcolm Williamson

Even though that story had been revealed more than 10 years ago, Diffie, Hellman and Merkle were awarded this year’s (2010) IEEE Richard W. Hamming Medal for the invention of public-key cryptography. But in order to respect the real owners of that technology, a group of IEEE members from Region 8 nominated the invention by Ellis, Cocks, and Williamson for an IEEE Milestone in Electrical Engineering and Computing, IEEE's 100th. [1]

How can the first inventors of Public Key Cryptography be proven?

In brief, Ellis came up with the idea but could not proceed because he was not a mathematician. So in 1973 Cocks, who was a mathematician, was asked to join him, and he came up with the solution. But his solution was not simple enough to run on the computers of that time. So Williamson, who was also a mathematician, implemented the final solution. [1]

Who are Ron Rivest, Adi Shamir and Leonard Adleman (RSA)?

Figure 4 - Left to Right : Shamir, Rivest and Adleman

They also came up with another ‘independent’ algorithm similar to Ellis, Cocks and Williamson’s scheme when they were at MIT in 1977. It was published in 1978 and became popular as “RSA”. [3]
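The “asymmetric” idea from the opening paragraph, one key to encrypt and a different but related key to decrypt, is easiest to see with RSA itself. The following is an added example, not code from the original post: textbook RSA with the small primes used in the standard walk-through (p = 61, q = 53, e = 17), which are constructed for illustration only. Real keys use primes of hundreds of digits together with padding, so this is an explanation of the mechanism, not usable encryption.

```python
"""Textbook RSA with toy numbers: one key encrypts, a different key decrypts.

Added example, not from the original post.  The primes are the small ones
from the standard textbook walk-through and are constructed for illustration;
real RSA uses primes of hundreds of digits and padding, so this is not
usable encryption, just the asymmetry made visible.
"""
from math import gcd


def rsa_keypair(p: int, q: int, e: int):
    """Return ((n, e), (n, d)): the public key and the private key.

    d is the modular inverse of e modulo (p-1)(q-1), which guarantees
    (m ** e) ** d == m (mod n) for every message m in [0, n).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public_key, m: int) -> int:
    """Sender's side: uses the recipient's public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int) -> int:
    """Recipient's side: uses a different key, the private exponent d."""
    n, d = private_key
    return pow(c, d, n)


def demo():
    """Round-trip the textbook message 65 through a toy key pair."""
    public, private = rsa_keypair(61, 53, 17)  # constructed toy parameters
    c = rsa_encrypt(public, 65)
    return public, private, c, rsa_decrypt(private, c)


if __name__ == "__main__":
    public, private, c, m = demo()
    print(f"public key  (n, e) = {public}")
    print(f"private key (n, d) = {private}")
    print(f"65 -> {c} -> {m}")
```

Note that the public exponent 17 and the private exponent 2753 are different numbers: anyone holding the public key can encrypt, but only the holder of d can reverse it, which is the property the post is contrasting with symmetric schemes.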

Summary

1973 - Ellis, Cocks and Williamson came up with the initial solution and kept it secret until 1997. The solution was known as “non-secret encryption”.
1976 - Diffie, Hellman and Merkle came up with another similar solution, believed ‘they were the first’ and earned the credit for it.
1977 - Rivest, Shamir and Adleman came up with another ‘independent’ solution.

Verdict

It is still questionable who the real inventor of this technology is. Nobody has confirmed it ‘officially’ yet. Most people do not know about this secret either.

References

[1] Bogdanowicz, A. 2010, Cryptography Breakthrough Is 100th Milestone, The Institute, viewed 5 Aug 2010, < http://www.ieee.org/portal/site/tionline/menuitem.130a3558587d56e8fb2275875bac26c8/index.jsp?&pName=institute_level1_article&TheCat=1008&article=tionline/legacy/inst2010/jun10/featurehistory.xml&>

[2] Diffie–Hellman key exchange, Wikipedia, viewed 5 Aug 2010, < http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange >

[3] Public-key cryptography, Wikipedia, viewed 5 Aug 2010, < http://en.wikipedia.org/wiki/Public-key_cryptography >

[4] ‘Figure 1’ [image] in 2004, ‘Public Key Cryptography & PGP’, Treachery Unlimited, viewed 5 Aug 2010, http://www.treachery.net/images/public_key_cryptography_and_pgp.jpg

[5] ‘Figure 2’ [image] in Prevost, E. 2009, ‘Public Key Cryptography’, EdwardPrevost.info, viewed 5 Aug 2010, http://edwardprevost.info/Blog/2009/10/15/public-key-cryptography/

[6] ‘Figure 3’ [image], ‘Public Key Cryptography (PKC) History’, viewed 5 Aug 2010, http://www.livinginternet.com/i/is_crypt_pkc_inv.htm

[7] ‘Figure 4’ [image] in 2008, ‘Leonard Adleman’, Adleman Portraits, viewed 5 Aug 2010, http://www-history.mcs.st-and.ac.uk/PictDisplay/Adleman.html

Thursday, August 5, 2010

"Cisco Rap" of the week

Yes, it is Cisco. You got it correctly. Check out how two interns of Cisco rock you!




Stay tuned with 'Asiri's Blog' for more!!!

Tuesday, August 3, 2010

My literature review on "Data Privacy"

Usage of information and communications technologies (ICT) is beneficial in that individuals are able to solve regular problems which are otherwise hard and cumbersome. Although ICT provides people with advantages, there can be social and ethical issues revolving around it. Issues may vary depending on the purposes of ICT use. It is visible that most of those issues are related to online personal information privacy, accuracy of the information used, intellectual property rights and equal access rights. These mostly ignored issues grow over time, and this has created an opportunity for researchers to dig deeper and find solutions in order to make the web safer for online private information by stopping or minimizing its distribution (Kuzu, 2009). In this review, personal information generated by various transactions, and the privacy problems resulting from its regular usage or sharing, are addressed in depth in conjunction with legal support and solutions.

If privacy problems are divided into two main categories, they are information reuse and unauthorised access. Information reuse means a company making new, legal uses of collected personal information. Unauthorised access violates either laws or corporate policies. Both issues can be harmful for a company in its relationships with customers, shareholders and regulators. Examples of information reuse are aggregation of data, data mining, new uses and sharing. It harms the company through incorrect inferences, decisions based on errors, exclusions and intrusions. Apart from reuse, unauthorised access is the most common way of breaching privacy. Examples are unauthorised access to personal information and a hacker breaking into a system, as well as accessing data from a stolen or unattended computer and failing to dispose of sensitive data, which leads to chaos (Culnan & Williams, 2009).

If we consider why people need privacy, information privacy can be divided into three categories. The first category is individuals or professionals who do not want to reveal their private secrets to the public. As an example, a person may not allow anybody to access his medical files. The second category expects some sort of behaviour from co-workers in order to be protected. As an example, employees should not leave personal information on their desks or on photocopier machines by mistake. The control is in their own hands. Finally, the third category concerns data that looks non-sensitive but is sensitive in reality. As an example, a whole story can be made out of small chunks of seemingly harmless information picked from different places. Overall, individuals should be extra careful about their privacy at their workplaces (Palm, 2009).

Considering the legal support for this issue, fair information practices are global data protection principles which address privacy issues by defining guidelines. In most countries, fair information practices are implemented through common laws. In the USA it is a bit different: laws are tailor-made to a specific industry’s needs. Additional legal support in the USA includes the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act Regulations (HIPAA), Section 5 of the Federal Trade Commission Act, the Massachusetts Security Rule (201 CFM 17.00) and the Payment Card Security Standard (PCI-DSS) (Culnan & Williams, 2009).


As solutions for privacy leakage, some preventive actions can be taken as follows. When designing office layouts, extra effort should be taken to design them in a way which protects employees’ privacy; examples are not placing seats next to each other and separating work cubicles (Palm, 2009). Findings have revealed that even ICT professionals are not aware of ethics regarding data privacy, so formal education on ethical practices might help professionals develop their knowledge of computer ethics. It is also important to update the company’s privacy policy regularly as necessary and make sure everybody knows and follows it; some employees are not aware of it, since they read it for the first time only when they were recruited (Kuzu, 2009). Apart from the company’s perspective, everyone should take this issue seriously and take action in order to secure their privacy. This review addressed personal information generated by various transactions and the privacy problems resulting from its regular usage or sharing, the reasons for protecting privacy, legal support and solutions for overcoming privacy-related issues in depth.



References:

Culnan, MJ & Williams, CC 2009, 'How ethics can enhance organizational privacy: lessons from the ChoicePoint and TJX data breaches', MIS Quarterly, vol. 33, no. 4, Dec, pp. 673-687

Kuzu, A 2009, 'Problems related to computer ethics: origins of the problems and suggested solutions', Turkish Online Journal of Educational Technology, vol. 8, no. 2, Apr, pp. 91-110

Palm, E 2009, 'Privacy Expectations at Work-What is Reasonable and Why?', Ethical Theory and Moral Practice, vol. 12, no. 2, Apr, pp. 201-215




Let's have a good start with *SUBNETTING* before everything!

Hi folks,


I thoroughly recommend that you access the following book online or as a hard copy and get a perfect start. (Please search for that exact title.)
Title : CCNA Cisco Certified Network Associate Study Guide, 5th edition
Author/Creator : Todd Lammle



In that book, master Chapter 3 by reading it and doing ALL of the exercises without looking at the answers in the back. There are exercises to practice subnetting in your head (paperless) also. Believe me, if you do it properly, you should be able to do any subnet calculation within 3 - 5 minutes, with or without paper.


Let me know your progress by replying to this post. Good luck. Happy subnetting!!!