FL2: Terminologies, Tools, and Software
2024, August 30
Disclaimer: The content provided in this article has been given by the faculty for educational purposes. dmj.one does not verify the originality or legal standing of the material. If you believe that content shared on dmj.one violates your intellectual property rights, please contact us immediately for review and resolution. We will investigate and take appropriate action, including content removal if necessary.
1. Methods and Tools Used in Wireless Hacking
Wireless hacking involves exploiting vulnerabilities in wireless networks to gain unauthorized access or information. Ethical hackers use these techniques to identify and fix flaws in wireless security systems.
Common Techniques
- Packet Sniffing: Captures and analyzes data packets transmitted over a network. Tools like Wireshark are used to intercept communication in unencrypted wireless networks.
- Man-in-the-Middle Attacks (MITM): Intercepts communication between two parties. Tools like Ettercap allow attackers to eavesdrop and modify data.
- Deauthentication Attacks: Disrupts wireless connections by sending fake deauthentication frames.
- Password Cracking: Tools like Aircrack-ng use dictionary attacks or brute force to crack weak passwords.
Ethical Considerations
- Ethical hackers must obtain proper authorization before testing networks.
- Abiding by laws like the Computer Misuse Act ensures legality.
- Use hacking tools for defensive purposes only, not exploitation.
Defensive Measures
- Use Strong Encryption: Implement WPA3 for robust wireless security.
- Secure Network Configurations: Disable WPS and use long, complex passwords.
- Intrusion Detection and Prevention Systems: Monitor traffic for unusual patterns.
- Regular Security Audits: Identify vulnerabilities proactively.
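As an added example (not part of the original notes), the sketch below shows the kind of pattern a wireless IDS can watch for: a burst of deauthentication frames aimed at one access point. The frame records, MAC addresses, window and threshold are constructed assumptions, and the frames are taken to be parsed already.

```python
from collections import defaultdict, deque

AP_OFFICE = "02:00:00:00:00:01"   # constructed MAC addresses
AP_LOBBY = "02:00:00:00:00:02"

# Constructed sample of already-parsed 802.11 management frames:
# (time in ms, frame type, BSSID). The record layout is an assumption.
FRAMES = [
    (0, "beacon", AP_OFFICE),
    (1200, "deauth", AP_OFFICE),    # a single, ordinary disconnect
    (40000, "deauth", AP_OFFICE),   # another one much later
] + [(5000 + i * 50, "deauth", AP_LOBBY) for i in range(30)]  # burst


def detect_deauth_floods(frames, window_ms=2000, threshold=10):
    """Return one alert per BSSID the first time more than `threshold`
    deauth frames fall inside a sliding window of `window_ms`."""
    recent = defaultdict(deque)   # BSSID -> timestamps of recent deauths
    alerted = set()
    alerts = []
    for ts, ftype, bssid in sorted(frames):
        if ftype != "deauth":
            continue
        window = recent[bssid]
        window.append(ts)
        # Drop timestamps that have aged out of the window.
        while ts - window[0] > window_ms:
            window.popleft()
        if len(window) > threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({"bssid": bssid, "time_ms": ts, "count": len(window)})
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_floods(FRAMES):
        print("possible deauthentication flood:", alert)
```

Isolated deauthentication frames are normal, so the detector keys on rate per access point rather than on the frame type alone.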
2. Difference Between Firewall and Honeypot
Firewalls and honeypots are vital tools in cybersecurity but serve different purposes.
Firewall
- Definition: A security device that monitors and controls network traffic based on predefined rules.
- Functions: Packet filtering, stateful inspection, and blocking unauthorized access.
- Strengths: Effective in preventing unauthorized entry.
- Limitations: Cannot detect unknown or internal threats.
Honeypot
- Definition: A decoy system designed to attract attackers.
- Functions: Collects data on attack techniques and intentions.
- Strengths: Useful for research and identifying zero-day exploits.
- Limitations: Can become a liability if attackers exploit it.
Examples of Deployment
- Firewalls: Perimeter protection in corporate networks.
- Honeypots: Researching attack methods in isolated environments.
3. Role of IDS and IPS in Network Security
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) work together to detect and prevent cyber threats.
IDS
- Definition: A system that monitors network traffic for suspicious activities.
- Functionality: Sends alerts when it detects potential threats.
- Tools: Snort, Suricata.
IPS
- Definition: A system that actively blocks detected threats.
- Functionality: Automatically drops malicious packets.
- Tools: Cisco IPS, TippingPoint.
Comparison
- IDS: Passive system that alerts administrators.
- IPS: Active system that prevents threats automatically.
Working Together
- IDS: Identifies unknown threats.
- IPS: Blocks known and identified threats.
4. Session Hijacking
Session hijacking occurs when attackers gain unauthorized control of a user’s session in a web application.
Methods of Exploitation
- Session Fixation: Forces the user to use a known session ID.
- Session Sidejacking: Captures session data through packet sniffing.
- Cross-Site Scripting (XSS): Injects malicious scripts to steal session tokens.
Security Risks
- Unauthorized access to sensitive information.
- Financial loss or identity theft.
- Compromise of entire systems in enterprise networks.
Countermeasures
- Encryption: Use HTTPS to secure communication.
- Secure Cookies: Mark cookies as HttpOnly and Secure.
- Session Expiration: Implement automatic logout after inactivity.
- Multi-Factor Authentication (MFA): Adds an extra layer of protection.
5. Differences Between SQL Injection, XSS, and Buffer Overflow Attacks
These are common vulnerabilities in web applications.
SQL Injection
- Definition: Malicious SQL queries are executed to manipulate databases.
- Risks: Data theft, unauthorized access, database manipulation.
- Example: Inputting an always-true condition such as "1=1" in a login field to bypass authentication.
- Countermeasure: Use prepared statements and parameterized queries.
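An added example (not from the original notes) that runs the same login check two ways against an in-memory SQLite database: once by pasting input into the SQL text, and once with a parameterized query. The table, the function names and the sample input are constructed for the illustration, and the plaintext password column is only there to keep it short.

```python
import sqlite3

# Constructed input in the style of the "1=1" example above.
ALWAYS_TRUE_INPUT = "' OR 1=1 --"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # A real system stores a password hash, never the password itself.
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_vulnerable(db, name, password):
    # Deliberately vulnerable: the input becomes part of the SQL text,
    # so quotes in it can change the structure of the WHERE clause.
    query = (
        "SELECT name FROM users "
        f"WHERE name = '{name}' AND password = '{password}'"
    )
    return db.execute(query).fetchone() is not None


def login_parameterized(db, name, password):
    # The ? placeholders send the values separately from the SQL text,
    # so they are only ever compared as data.
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", login_vulnerable(db, "alice", ALWAYS_TRUE_INPUT))
    print("parameterized:", login_parameterized(db, "alice", ALWAYS_TRUE_INPUT))
```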
Cross-Site Scripting (XSS)
- Definition: Injecting malicious scripts into web pages.
- Risks: Session hijacking, phishing attacks.
- Example: Injecting `<script>alert('Hacked!')</script>` in a comment section.
- Countermeasure: Validate and sanitize user input.
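An added example (not from the original notes) of both halves of this countermeasure for a comment section: the username is validated against an allowlist, and the free-text comment, which cannot be allowlisted, is HTML-encoded when it is written into the page. The function names and the username policy are assumptions.

```python
import html
import re

# Assumed policy: 3 to 20 letters, digits or underscores.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")


def valid_username(name):
    """Validation: accept only values that match the allowlist."""
    return USERNAME_RE.fullmatch(name) is not None


def render_comment(author, text):
    """Build the HTML for one comment, encoding untrusted values at
    the point where they are written into the page."""
    if not valid_username(author):
        raise ValueError("invalid username")
    # html.escape turns < > & " ' into entities, so the browser shows
    # the text instead of parsing it as markup.
    safe_author = html.escape(author, quote=True)   # attribute context
    safe_text = html.escape(text)                   # element body
    return f'<div class="comment" data-author="{safe_author}">{safe_text}</div>'


if __name__ == "__main__":
    # The sample input is the example string from the list above.
    print(render_comment("bob", "<script>alert('Hacked!')</script>"))
```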
Buffer Overflow
- Definition: Writing more data into a memory buffer than it can hold, which can allow malicious code to execute.
- Risks: Crashes applications, escalates privileges.
- Example: Supplying 1000 characters to a field expecting 10.
- Countermeasure: Implement bounds checking and use modern compilers.