Security Fundamentals
Access

System access, in this context, is the ability of an unauthorized intruder to gain access to a device for which the intruder does not have an account or password. Entering or accessing systems without authorization usually involves running a hack script or tool that exploits a known vulnerability of the system or application being attacked. Access is an all-encompassing term that refers to unauthorized data manipulation, system access, or privilege escalation. Some examples of access include the following:

  • Exploitation of weak or non-existent passwords
  • Exploitation of services such as HTTP, FTP, SNMP, CDP, and Telnet

The easiest hack is called social engineering. It involves no computer skills at all. If an intruder can trick a member of an organization into giving out valuable information, such as the locations of files and servers or passwords, then the process of hacking is made much easier.

Rogue AP Attack
Most clients will associate to the access point with the strongest signal. If an unauthorized AP, which is generally a rogue AP, has a strong signal, clients will associate to the rogue AP. The rogue AP will have access to the network traffic of all associated clients. Therefore, the rogue AP can be used to perform man-in-the-middle attacks against encrypted traffic such as SSL or SSH. The rogue AP can also use ARP and IP spoofing to trick clients into sending passwords and sensitive information. The rogue AP can also request sessions that are not protected by Wired Equivalent Privacy (WEP) from clients during association.
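
The behaviour described above suggests a simple wireless-survey check. The following is an added example, not part of the original course material: it flags any AP that advertises a protected SSID from a BSSID missing from the inventory, and notes when that AP is louder than every authorized AP or offers unprotected sessions. The SSID, BSSIDs, inventory, and survey readings are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    signal_dbm: int   # closer to 0 is stronger
    encrypted: bool   # privacy bit advertised in the beacon

# Hypothetical inventory: BSSIDs of the APs the organization actually deployed.
AUTHORIZED = {"CorpNet": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}

# Constructed survey data, as a sensor or laptop scan might report it.
SAMPLE_SURVEY = [
    Beacon("CorpNet", "00:11:22:33:44:01", -62, True),
    Beacon("CorpNet", "00:11:22:33:44:02", -71, True),
    Beacon("CorpNet", "de:ad:be:ef:00:01", -48, False),
    Beacon("CorpNet", "de:ad:be:ef:00:02", -80, True),
    Beacon("CoffeeShop", "aa:bb:cc:dd:ee:ff", -55, False),
]

def find_rogue_aps(survey, authorized):
    """Return (beacon, reasons) for each AP using a protected SSID from an unknown BSSID."""
    # Strongest signal heard from a legitimate AP, per SSID.
    best_legit = {}
    for b in survey:
        if b.bssid.lower() in authorized.get(b.ssid, ()):
            best_legit[b.ssid] = max(best_legit.get(b.ssid, -200), b.signal_dbm)
    findings = []
    for b in survey:
        allowed = authorized.get(b.ssid)
        if allowed is None or b.bssid.lower() in allowed:
            continue  # not one of our SSIDs, or a known AP
        reasons = ["unknown BSSID"]
        if b.signal_dbm > best_legit.get(b.ssid, -200):
            reasons.append("stronger than every authorized AP")
        if not b.encrypted:
            reasons.append("offers unprotected sessions")
        findings.append((b, reasons))
    # Strongest first: the AP that clients are most likely to associate to.
    return sorted(findings, key=lambda f: f[0].signal_dbm, reverse=True)

if __name__ == "__main__":
    for beacon, reasons in find_rogue_aps(SAMPLE_SURVEY, AUTHORIZED):
        print(beacon.bssid, beacon.signal_dbm, "; ".join(reasons))
```

A BSSID inventory check only catches APs that do not copy an authorized address, so it complements rather than replaces wired-side controls and mutual authentication.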

Wired Equivalent Privacy (WEP) Attacks
Attacks against WEP include bit flipping, replay attacks, and weak IV collection. Many WEP attacks have not been released from the laboratory, but they are well documented. One utility, called AirSnort, captures weak initialization vectors (IVs) to determine the WEP key being used. Figure shows an AirSnort screen.

