By vijaykumar Devireddy
The podcast currently has 93 episodes available.
Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 89. The first part of securing your organization is maintaining a good perimeter defense around your building. Now, based on your organization, this is going to have different requirements based on what kind of work you do. For example, if you work for the government or the military, you may be dealing with classified information, and if that's the case you may see a big eight-foot-tall chain link fence with barbed wire at the top surrounding the building. You may have access control points that are guarded by soldiers with guns. There might be vehicle barricades; there might be other such things that are going to keep people away from the building unless they're authorized to be there. This makes sense for them, right, because they're dealing with secret and top secret information and they want to make sure nobody gets access to it that shouldn't. Now, your company probably doesn't have this level of security, though. Instead, they're going to rely on surveillance cameras and closed circuit TV. Now, when we talk about closed circuit TV, or CCTV as it's also called, these come in lots of different solutions. The first two types are wired and wireless. A wired solution means that the TV camera that's being placed around your building is going to be physically cabled from its device all the way to a central monitoring station. Now, if you're using a wireless solution, these are a lot easier to install, but because they're wireless they could have interference with other systems and an attacker could try to jam them. There's also indoor and outdoor: some CCTV systems are only designed to work indoors and others are used for outdoors. If you're going to be monitoring the parking lot, you need an outdoor camera that's going to be able to stand up to the elements like rain and snow and things like that. If you're going to be monitoring things indoors, like access to and from the server room or access to and from the lobby, this would be something you could use an indoor camera for. They're a lot cheaper because they don't have to be held up to the standard that works outside. Another feature you might want to look at with your CCTV is what's known as PTZ, which is pan, tilt, and zoom. This is what you might've seen in some movies. If there's a security guard as part of the bank heist and he's able to take a joystick and move the camera to look in a different direction and tilt it up and down, pan it left and right, or zoom in or zoom out, that's a PTZ system. Another type of system we have is what's known as an infrared system, which looks at things based on their heat, as you can see in this image. You could see the laptop is producing heat and we'd be able to see it. The final type is what's known as ultrasonic, which is used for sound-based detection. If you've ever watched the Mission Impossible movies, they had an ultrasonic system that would sit there and listen; if even a pin dropped on the floor, it would set off the alarm, and that way the guards could come running in and arrest the perpetrator. Now, when you place your cameras, placement is really important and you have to figure out what you are trying to guard. Most of the time you're trying to guard your entrances and your exits. If you're pointing the cameras at the entrances or exits, you'll be able to see when people enter or leave the facility. This would be both the entrance and exit of your building but also of your server room and other secure locations.
Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 88. Today we're going to discuss physical security. Physical security is really important to your organization's network security. After all, if an attacker is able to touch your network, your server, or your workstations, they can take control over those devices and do whatever they want with them. While we've been talking a lot in this course about all of the logical protections you can put in place, things like firewalls and intrusion detection systems, router ACLs, passwords, encryption, and all sorts of things like that, our physical security is just as important. Now, physical security is usually broken down into three main areas. We have the perimeter, we have the building, and then we have the room itself. So when I start talking about the perimeter, I'm talking about, as I approach your building, what is in my way? Are there fences? Are there guards? Is there some sort of vehicle access point? All of those types of things, that's our perimeter. What keeps us at bay and away from the building? Next, we get to the building security. Is the front door unlocked? Can I walk right in? Do I have to show my ID? Do I have to check in with somebody? What are the different controls you're putting in place to secure that building? And then finally we have the security of the room where your equipment is located. Now, if this is an office, this is going to be someplace that people actually work, and so people have to be able to get in there to access those terminals. How are you keeping unauthorized people out of those offices? And if you're dealing with a server room or a networking closet, those are places that people don't normally work inside of. And so when nobody's in there, we should be locking those using some sort of locking mechanism, whether that's a door lock, an electronic lock, or some other mechanism. Now, we'll talk about all of that inside this section of the episode.
Hello everyone, welcome to the show "Ethical Hacking", episode 87. We just spent a lot of time talking about wireless networks, but there are other wireless networks out there besides Wi-Fi. These include things like Bluetooth, RFID, Near Field Communication, cellular, GPS, and satellite communications. Previously, we've talked about some vulnerabilities with Bluetooth. I want to remind you of two big terms when it comes to Bluetooth. These are bluejacking and bluesnarfing. I'm covering these again because I guarantee you're going to get at least one question on test day about either bluejacking or bluesnarfing really loves to ask that for some reason. Bluejacking is the sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and tablets. Bluesnarfing, on the other hand, is the unauthorized access of information from a wireless device through a Bluetooth connection. So, to simplify this for the I want you to remember this. Bluejacking sends information to a device, where bluesnarfing takes information from a device. If you remember those two things, you'll do great on the exam. Also, when it comes to Bluetooth, remember you don't want to allow your device to use the default PIN for its pairing operations. You should always change the PIN to something more secure than 1234 or 0000. Next, we have Radio Frequency Identification, or RFID. RFID devices have an embedded radio frequency signal that's used to transmit identifying information about the device or the token to a reader that's trying to pick it up. RFID refers to a large category of devices and technologies, but, for the exam, the specifics of RFID are not that important. Instead, you need to focus on the fact that RFID devices can send information from a card to a reader to provide authentication or identification. For example, one of the most common devices that we use RFID for is a card that looks like a credit card and can be used as part of your alarm system or door access system. So, with these cards, you can swipe your card over the reader, and it identifies you and allows you to enter the building. Because there are so many different types of RFID devices, RFID can operate in either very close environments or very far environments. It can be as close as 10 centimeters from the reader or as high as 200 meters from the reader, depending on the particular device and technology in use. Because of that large distance, RFID is subject to eavesdropping, the ability to capture, replay, and rebroadcast its radio frequency as part of a larger attack. To minimize the ability to eavesdrop on RFID, an idea called Near Field Communication was invented. Near Field Communication, or NFC, allows two devices to transmit information when they're in close proximity to each other. This occurs using an automated pairing process and transmission process of that data. For example, some cellphones have the ability where you can touch the cellphones together to pass photographs back and forth. Other uses of NFC are commonplace in payment systems. For example, I have an iPhone, and I can hold it over a credit card terminal to pay with my credit card that's linked through Apple Pay. This is an example of a Near Field Communication device. Just like RFID, we do have to worry about the possibility of interception of that wireless information, though, because it could be replayed and rebroadcast. Now, luckily for us, NFC does require the devices to be very close for the communication to work.
Hello everyone, welcome to the show "Ethical Hacking", episode 86. So we've talked about securing our wireless networks. Let's now spend a few minutes talking about the different types of attacks that focus on our wireless networks. The first is war driving. War driving is the act of searching for wireless networks by driving around until you find them. You could try this tonight. You can go sit in the backseat of your car, have your friend or your wife drive you around the neighborhood and see which networks you can connect to. That's the idea here. They're simply going to drive around and hunt for networks. Now, the attackers here are going to use different tools to do this. They can use wireless survey tools or other open source attack tools, but the common theme here is just finding out what networks are around and where you can access them from. Why would an attacker want to find open wireless networks or networks that they can get on to? It's not necessarily to attack your network, but it's to attack other networks through your network. So that way, if they are doing some hacking or something like that, it traces back to your home and your home network, as opposed to tracing it back to them. The next type of attack is called war chalking. War chalking is the act of physically drawing symbols in public places to denote the open, closed, or protected networks that are in range. It gets its name because in the early days, people would actually take chalk and draw different symbols on a telephone pole to tell other people what it is. Now, an example of this might be as you're doing war driving, you might find an open network. If you did, you could find a telephone pole nearby and mark it with a symbol like this. We have two open half circles faced back to back, with the SSID written above them and the number below to signify the bandwidth of the network. After all, attackers can be nice people too. And they like to share their findings with others, and they wouldn't want somebody else wasting their time looking for a network, only to find it has low bandwidth. So by marking that down, you can help other people avoid that network. Now, in addition to open networks, you may find closed networks. If you find a closed network, it's going to be a closed circle with an SSID written above it and bandwidth written below it. This tells us that the network has some kind of encryption, it's closed, but we haven't quite figured out the password yet. Now, if we do figure out the password, we can actually use this other symbol. We have the closed circle, we have the SSID on the top left, we have the password on the top right, and the bandwidth below it. Inside the circle we might write something like W or WEP or WPA2, so people know what type of encryption they need to connect to that network. Now, as I said, war chalking is not nearly as popular as it used to be. In fact, we don't really see a lot of these symbols around in the city anymore. Instead, most of this is being done digitally. This is being done as part of websites or other apps that hackers use to share their finds, so people know what other kind of WiFi is out there. The next attack we have is known as an IV attack. An IV attack occurs when an attacker observes the operation of a cipher being used with several different keys and they find this mathematical relationship between those keys to determine the clear text data. Now, I know that sounds really complicated, but the good news is you don't have to do the math to do it. There are programs that do it for you. This happened with WEP because of that 24-bit initialization vector. It makes it very easy to crack WEP because there are programs that do it for us.
Hello everyone, welcome to the show "Ethical Hacking", episode 85. Today we are going to discuss wireless access points. In addition to selecting the right encryption, it's also important to select the right placement and configuration of your wireless access points in order for you to achieve a good security posture. Most small office, home office wireless systems rely on a single point to multi-point setup. This relies on having a single access point that services all of the wireless clients. For example, on this floor plan, you can see the strongest signal is the red spot that's centered around a single wireless access point, and all of the other office cubicles are connecting back into it. In this next example, you can see a multi-point to multi-point system. This has multiple access points that are going to be used to provide the wireless network services in an ESS, or extended service set, configuration. They're all going to work together to provide one common network that's supported by these multiple access points. Now, in both of the previous examples, the wireless access points are using an omnidirectional antenna. This means that the access point is going to radiate out its signal equally in every single direction. Now, this can be good from a coverage perspective, but it also is dangerous. You may want to control which direction the signal is actually radiated, and if you do, you can do that using a bidirectional or a unidirectional antenna. For example, in a unidirectional antenna, all of the transmission power is going to be focused in a single direction. This allows you to choose which areas receive the signals and which ones don't. So in this example, we're using a left-side focused antenna and it only transmits out to computers on that side of the building, while the computers on the right are going to remain in an uncovered area and not get any signal. Now, we've talked about this back in our Network Plus curriculum as well, but from an operational standpoint, we're trying to increase the coverage to all areas when we're talking Network Plus. Now, from a security perspective, though, we may actually want to limit the area of coverage. Let's look at our heat map once more. Here you can see an extended service set configuration with two access points. Each of those access points has omnidirectional antennas. This is giving us good, adequate coverage around the office space, as you can see inside the floor plan. So our network technician for Network Plus did a good job here. Now, for this office, each cubicle also has a wired physical connection, but the access point there is just to provide the employees access while they're sitting at those conference tables in the middle, or if they're walking around using their cellphones. Now, all of this is great, and there's good coverage, meaning that it's meeting our operational needs. But you'll also notice that orange and yellow area, which represents the medium and lower signal areas that are radiating outside the walls of the building.
Hello everyone, welcome to the show "Ethical Hacking", episode 84. Today we are going to discuss wireless encryption. Another huge vulnerability in wireless networks is the encryption that you choose to use. In this lesson, we're going to do a quick review of wireless encryption types that you learned back in your Network Plus studies. The reason for this is because encryption of your data being transmitted is going to be paramount to increasing the security of your wireless networks. Now, most wireless encryption schemes rely on a pre-shared key. This is when the access point and the client use the same encryption key to encrypt and decrypt the data. The problem with this is scalability becomes difficult. Think about it: when a friend comes over to your house to use your WiFi, you have to tell him your password. Now, if you have 50 friends come over, you're going to tell 50 different people your password, and now all 50 of them know your password. And so, this is one of the first problems that we have with wireless encryption: if you're going to use a pre-shared key, you've got to figure out a secure way to distribute that key to everybody and keep it secret. If all 50 people know your password, then it's probably not that secret anymore. Now, there are three main types of encryption that are in use for wireless networks. We have WEP, WPA, and WPA2. WEP is our first one. WEP is the Wired Equivalent Privacy. This came from the original 802.11 wireless security standard, and it claimed to be as secure as a wired network. I'm going to prove this wrong to you in our demonstration later, because we're going to brute-force WEP and break it in about three minutes. WEP was originally used with a static 40-bit pre-shared encryption key, but later it was upgraded to a 64-bit key, and then again to a 128-bit key. This isn't the main problem with WEP, though. The main problem is a 24-bit Initialization Vector, or IV, that it uses in establishing the connection, and it's sent in clear text. As I said, WEP is not very secure, and because of this weak Initialization Vector, we're going to be able to brute-force WEP in just a couple of minutes, using Aircrack-Ng and other tools. So, to replace WEP, they came up with WPA. WPA is the WiFi Protected Access standard. It uses a Temporal Key Integrity Protocol, or TKIP, which uses a 48-bit Initialization Vector instead of the 24-bit Initialization Vector used by WEP. The encryption that it uses is the Rivest Cipher 4, or RC4, and it added Message Integrity Checking, or MIC. And it uses all of this to make sure that the data is secure and to ensure that it's not modified in transit. Overall, it's a pretty good standard, but it does have some flaws, and so version 2 was released to fix those. WPA version 2, or WiFi Protected Access version 2, was created as part of the 802.11i standard to provide stronger encryption and better integrity checking. The integrity checking is conducted through CCMP, which is the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. And the encryption uses AES, the Advanced Encryption Standard. AES supports a 128-bit key, or higher, and WPA2 uses either a personal mode, with pre-shared keys, or an enterprise mode, with centralized authentication via a RADIUS server, or another centralized server, to handle that password distribution we were talking about. Now, I want to pause here for a second, and before we go any further, give you a couple of quick exam tips. First, if you're asked about WiFi, and it uses the word Open in the question, it's usually looking for some kind of answer that says the network has no security, or no protection.
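To make the 24-bit IV problem from this episode and the IV attack from episode 86 concrete, here is an added example (not code from the podcast) that models WEP-style framing, where the RC4 key is the clear-text IV followed by the shared secret. The secret key, IVs and plaintexts are constructed sample values, and the integrity check value is left out for brevity.

```python
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling (KSA) followed by output generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_style_frame(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP framing: RC4 key = IV || secret, IV prepended in clear text."""
    if len(iv) != 3:
        raise ValueError("a WEP IV is 24 bits (3 bytes)")
    return iv + xor_bytes(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes):
    """Two frames with the same IV were encrypted with the same keystream, so
    XORing the ciphertexts cancels it and leaves plaintext_a XOR plaintext_b.
    Returns that value, or None when the IVs differ."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return xor_bytes(frame_a[3:], frame_b[3:])


def collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday approximation: chance that at least two of `frames` random IVs match."""
    return 1.0 - math.exp(-(frames ** 2) / (2 * 2 ** iv_bits))


def frames_for_probability(p: float, iv_bits: int = 24) -> int:
    """Frames needed before a repeated IV is expected with probability p."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - p))))


if __name__ == "__main__":
    secret = bytes.fromhex("0102030405")        # constructed 40-bit shared key
    iv = bytes.fromhex("a1b2c3")                # constructed IV, reused on purpose
    first = b"GET /payroll HTTP/1.1"            # constructed plaintexts, same length
    second = b"user=alice&pin=482915"
    frame_1 = wep_style_frame(iv, secret, first)
    frame_2 = wep_style_frame(iv, secret, second)

    leak = keystream_reuse_leak(frame_1, frame_2)
    # Knowing (or guessing) one plaintext reveals the other without the key.
    print("recovered:", xor_bytes(leak, first))
    print("frames for 50% IV repeat, 24-bit:", frames_for_probability(0.5, 24))
    print("frames for 50% IV repeat, 48-bit:", frames_for_probability(0.5, 48))
```

The jump from a 24-bit to a 48-bit IV moves the expected first repeat from a few thousand frames to tens of millions, which is the design change TKIP made; WPA2 with AES-CCMP removes RC4 altogether.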
Hello everyone, welcome to the show "Ethical Hacking", episode 83. Today we are going to discuss securing WiFi devices. Wireless devices are much less secure than our traditional networks because their data streams are simply flying through the air, waiting to be gobbled up by some attacker sitting out there. When we talked about wire tapping in the last lesson, we talked about having to gain access to the network physically. Well, with a wireless network that challenge is eliminated because the network is literally floating in the airwaves. In this lesson we're going to discuss some of the basic vulnerabilities associated with wireless networks and how you can combat them. First, the administrative access on the wireless access point is a vulnerability. Usually these have default user names and passwords like admin, admin, like we discussed before. And you have to make sure you secure them. Also, remote administration should be disabled on your wireless access points. Remote administration is something that allows you to connect over the internet and then make changes to your wireless access point. You don't need that. Instead you should turn it off and make sure that you're doing it locally inside your network only, to minimize that risk. The second vulnerability we have to think about is the service set identifier, or the SSID. Back in Network Plus you learned that the SSID is what uniquely identifies the network, and it acts as the name of the wireless access point that the clients are going to use to connect to it. For example, if you came by my offices, you would see that my network is the oh so hard name to guess of vijay. Anyone who sees that might think, hey, that might be Vijay Kumar's WiFi, right? Well, that's the SSID's job. It sits there and it broadcasts out: hey, I'm here, I'm here, I'm vijay, I'm vijay, I'm vijay. Now, according to you should disable the broadcast. So clients have to already know the name of it prior to connecting to it. They say this is a way to slow down the bad guy from attacking your network. As an ethical hacker myself, I can tell you that it isn't really going to slow me down. If you aren't broadcasting openly, your clients are still sending the same wireless access point information and that SSID with every single communication they make. It takes me about five seconds to find out your SSID if you're not broadcasting. So by disabling it you're just making operations harder for yourself and you're not really gaining any security here. Now, all of that said, if you're asked disable SSID broadcast is considered good security in the security and you should implement it. In the real world, it really doesn't matter that much. Now, the next one we're going to talk about is rogue access points. Rogue access points are another vulnerability out there. A rogue access point is an unauthorized wireless access point or wireless router that somebody connected to your network, and it's going to give access to your secure network. For example, say you walk around your office and somebody decided that they didn't want to plug into that RJ45 jack all the way in the back wall over there, so they put in a wireless access point so they can access it throughout the whole room. That makes operations easy for them, but that wireless access point wasn't properly configured. This is going to extend your wired network into the wireless realm, and it can introduce its own DHCP server and cause all sorts of other issues. To prevent this you should enable MAC filtering on the network and network access control, and run a good IDS or IPS on your network that can detect or prevent these devices when they initially try to connect.
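The rogue access point check described at the end of this episode can be sketched as detection logic over a wireless survey and the DHCP offers seen on the wired side. This is an added example, not code from the podcast; the SSID, BSSIDs, DHCP server address, signal threshold and all sample records are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory for this example (locally administered MAC addresses).
CORP_SSID = "corp-wifi"
AUTHORIZED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}
AUTHORIZED_DHCP_SERVERS = {"10.0.0.2"}
# Assumed threshold: an unknown radio heard this strongly is probably inside the office.
ONSITE_SIGNAL_DBM = -60


@dataclass(frozen=True)
class Beacon:
    ssid: str          # empty string when the SSID broadcast is disabled
    bssid: str
    signal_dbm: int


def normalize_mac(mac: str) -> str:
    """Accept 02-00-... or 02:00:... in any case and return lowercase colon form."""
    return mac.strip().lower().replace("-", ":")


def classify_beacon(beacon: Beacon) -> str:
    bssid = normalize_mac(beacon.bssid)
    if bssid in AUTHORIZED_BSSIDS:
        # A managed radio advertising something other than the corporate SSID
        # points at misconfiguration rather than a rogue device.
        return "authorized" if beacon.ssid == CORP_SSID else "authorized-radio-wrong-ssid"
    if beacon.ssid == CORP_SSID:
        # Corporate network name coming from a radio that is not in the inventory.
        return "unauthorized-corp-ssid"
    if beacon.signal_dbm >= ONSITE_SIGNAL_DBM:
        # Unknown radio, strong signal: likely plugged in somewhere on the premises.
        return "unauthorized-onsite"
    return "neighbor"


def find_rogue_aps(beacons):
    """Return {bssid: verdict} for everything that needs a follow-up."""
    findings = {}
    for beacon in beacons:
        verdict = classify_beacon(beacon)
        if verdict not in ("authorized", "neighbor"):
            findings[normalize_mac(beacon.bssid)] = verdict
    return findings


def find_rogue_dhcp(offers):
    """offers: (server_ip, server_mac) pairs taken from DHCP OFFER messages.
    Returns the sorted, de-duplicated pairs whose server is not authorized."""
    return sorted({(ip, normalize_mac(mac))
                   for ip, mac in offers
                   if ip not in AUTHORIZED_DHCP_SERVERS})


# Constructed survey results and DHCP observations.
SAMPLE_BEACONS = [
    Beacon("corp-wifi", "02:00:00:AA:00:01", -48),   # managed AP
    Beacon("corp-wifi", "02:00:00:bb:00:09", -55),   # corporate SSID, unknown radio
    Beacon("linksys", "02-00-00-CC-00-07", -42),     # consumer router under a desk
    Beacon("", "02:00:00:dd:00:03", -51),            # hidden SSID, still visible as a radio
    Beacon("cafe-guest", "02:00:00:ee:00:05", -83),  # weak signal from next door
]
SAMPLE_OFFERS = [
    ("10.0.0.2", "02:00:00:aa:00:10"),
    ("192.168.1.1", "02:00:00:CC:00:07"),
    ("192.168.1.1", "02:00:00:cc:00:07"),
]

if __name__ == "__main__":
    for bssid, verdict in find_rogue_aps(SAMPLE_BEACONS).items():
        print(bssid, verdict)
    print(find_rogue_dhcp(SAMPLE_OFFERS))
```

In the sample data the consumer router shows up in both lists, as an on-site radio and as an unauthorized DHCP server, which is the combination the episode warns about.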
Hello everyone, welcome to the show "Ethical Hacking", episode 82. Today we are going to discuss securing network media. Network media is the cabling that makes up our network. This can be copper, fiber optic, or coaxial. And they're going to be used as a connectivity method inside of our wired networks. Now, in addition to all the cables, there are other parts of the cabling plant we have to think about. All those intermediate devices like patch panels, punch-down blocks, and network jacks all make up this cabling plant that runs throughout our organization. And each part of that can be a vulnerability for us. The first vulnerability I want to discuss is EMI. This stands for electromagnetic interference. Electromagnetic interference is a disturbance that can affect electrical circuits, devices, and cables due to radiation or electromagnetic conduction that occurs. Now, EMI is something that happens normally inside our businesses and inside our homes. EMI is caused by all sorts of things, like televisions, microwaves, cordless phones, baby monitors, motors like inside your vacuum, and other devices. Anything that is really a powered device, even handheld drills, can cause electromagnetic interference. Now, to minimize EMI you need to install shielding around the source; for instance, your air conditioner lets off a lot of EMI. You could put shielding around that. Or you can shield the cable itself by choosing shielded twisted-pair. Now, STP cables, or shielded twisted-pair, have foil around either each twisted-pair in the cable or around the entire bundle of twisted-pairs to prevent emanations out of the cable or interference entering into the cable. STP gives you a double benefit: it keeps things out, and it keeps things in. This is good for security and helps minimize this vulnerability. Now, the next vulnerability we have is called radio frequency interference, or RFI. RFI is just another type of interference like EMI. Like EMI, it's a disturbance that can affect your electrical circuits, your devices, and your cables. But instead of being caused by electrical waves, it's caused by radio waves, most often from AM and FM transmission towers or cellular phone towers. Now, cell towers and radio towers near your office can be a big source of RFI in your wireless networks. And when you have a significant amount of RFI, this can cause network connectivity problems for your wired networks, as well as disturbing your wireless networks too. Now, this is something that you're going to have to address. And a lot of it is going to be addressed by shielding the building or getting stronger devices that can overcome the radio frequency interference that's occurring. Another vulnerability we have is what's known as crosstalk. Crosstalk occurs when a signal is transmitted on one copper wire and it creates an undesired effect on another copper wire. So, when we think about having two copper wires, like inside of a twisted-pair cable, if the shielding inside that protects those wires comes off, then we can actually have crossover from one wire to another. And that causes interference because of the data emanations and EMI. Crosstalk is essentially that, but in very close proximity. Now, this becomes very common with older cable network types, things like Cat3 networks, or even some early Cat5 networks. Most of our Cat5E and Cat6A networks aren't really subject to crosstalk nearly as much. Another place I see crosstalk happen a lot is if you have punch-down blocks and you decide to use an older terminal, like the old 66 blocks that were used for phone lines, and try to use that for networks. Networks should always use a 110 block, like you learned back in Network because it gives more spacing and prevents crosstalk from occurring. The next thing you want to talk about here is STP cables, because STP cables are really helpful to our networks. They can prevent some of that RFI, they can prevent EMI, and they can help with crosstalk.
Hello everyone, welcome to the show "Ethical Hacking", episode 81. Today we are going to discuss securing network devices. Network devices include things like switches, routers, firewalls, IDS, IPS, and more. Each of these different devices has its own vulnerabilities that have to be addressed. But for the security. we're going to focus on the most common vulnerabilities across all of these different devices. The first vulnerability we're going to talk about is default accounts. These are accounts that exist on a device straight out of the box when you buy it. So for example, if you buy a small office, home office wireless access point, like a Linksys or a D-Link, or something like that, it's going to have some accounts already established on there. It might have one like admin or administrator or user, or something of that nature. All of these default accounts are very easy to figure out and very easy to guess. And so it's important for you to actually change these names so that they're not something that an attacker can easily guess. And then all they have to do is guess your password. Now, this applies to your organizations as well. You want to make sure that your naming schemes aren't really easy to guess. Unfortunately, though, most organizations are going to use a common naming scheme for all of their users. For example, most organizations like to use first name dot last name. So if your name was Vijay Kumar like me, you're [email protected]. Sometimes they'll do something like [email protected], where it's the first letter and the last name. Any of these make for a great, normal, easy to understand naming scheme. That makes operations very easy. But it also makes it fairly easy to guess. Because if I see that [email protected] is one email, then I can probably guess that Susan.Smith is also there, or whoever else I'm dealing with. You want to make sure you're thinking about this and you're starting to add diversity, and making sure that those default user names are changed. Now, the next thing you want to think about is the device user name as well. There are defaults for this too. I've seen people call them router or switch as the user names. That's not a good plan either. When you're creating a device account, you want it to be something more complex. So maybe it's rtr for router with a couple of numbers after it. Something that's not easily guessable. That's what I'm talking about here as we try to change these default accounts. The next issue we have goes right along with default accounts: it's weak passwords. Don't leave passwords as their default. For instance, those Linksys routers we all have, they're admin for user, admin for password. That is horrible. We also don't want to use any words that are in the dictionary. Your passwords need to be long, strong and complex, at least 14 characters long, with upper case, lower case, special characters and numbers. By having this mixture, it's going to increase the time it takes to brute force that password, and make it much harder for an attacker to break in to your network. So for example, if I have the password of password, which is all lower case, I'm only using 26 different options because lower case letters are A through Z. And so if I look at that, that's considered a weak password. If I add some upper case to it, now I have 52 characters because I have upper case and lower case. So I have something like password, where the P, the S's and the D's are upper case and the other letters are lower case. If I want to make it even more secure, I can add numbers to that. And I'll change out the S's for fives and the Os for zeroes, things like that. And this is going to give us more choices, again, because we have 26 lower case, 26 upper case and 10 numbers, zero through nine. But if we want it to be the best and most secure that it possibly can be, we want to add symbols to this too. And so now we're going to get something like 70 different options.
Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 80. In this section of the course, we're going to talk about securing your wired and wireless networks. We're going to start out with wired network devices, things like switches and routers, and then we'll move into the cabling that helps put all these networks together. After that, we're going to start talking about wireless networks and how we can better secure them, and all the different types of attacks that exist for wireless networks. We'll even go through a demonstration in this section where I'm going to show you how easy it is to break wireless encryption, and we'll be able to do that in about just two or three minutes. So it's really important to understand how to secure your networks properly so attackers can't do this to you. Now, finally, we're going to round out this section by covering other types of wireless technology in addition to wifi, things like RFID, near-field communications, Bluetooth, satellite communication, GPS, cellular, and others. So let's get started.
7,622 Listeners