Wednesday, April 09, 2008

Wireless Network Security: How to Use Kismet

Kismet is a wireless network detector/sniffer that can give you a vast amount of information about wireless networks. Wireless network security flaws are well documented but often very hard for the average person to understand. I will show you how to use Kismet without even having to install Linux or compile Kismet.

First, go to remote-exploit.org and download and burn their Auditor CD. (If you don't know how to burn an ISO image, go to Google.) This version of Linux doesn't install on or modify your hard drive; it boots from the CD and uses a RAM drive (in your memory).

Auditor is not only a great tool for testing wireless network security with Kismet; it also has many other computer security tools on it.

Client Window

Next, to start Kismet, go to the Linux version of the Start menu and press Auditor. Then proceed to wireless/scanning/kismet tools/kismet.

Once you click on Kismet, it will ask you for a default location to place the Kismet log files for later analysis; just choose the desktop or the temp directory.

Now I will show you how to use Kismet. When Kismet initially opens you will see a greenish box with numbers and network names (if any are near you) clicking away. Don't be overwhelmed. (Also, I can't show you how to use Kismet if you don't have the correct wireless adapter; get an ORiNOCO Gold Classic card off eBay.) The ORiNOCO Gold Classic card will be automatically detected by Auditor Linux.

The Kismet columns show each wireless network's SSID (name), the type of device (access point, gateway), whether it uses encryption, an IP range, and the number of packets. Kismet will also pick up hidden networks with SSID broadcast disabled; NetStumbler will not.

Now press "H" to bring up the Help menu. This will give you the nuts and bolts of how to use Kismet. If you tab down to the network you are auditing and press "C", Kismet will show you all the computers that are using that wireless access point/gateway. This Kismet screen shows each client's MAC address, the manufacturer of its wireless adapter, its IP address range, and its traffic.

Kismet: Help Menu

To get out of that screen, press "Q". Tab down on the main Kismet screen to another SSID and press "I". This Kismet window shows detailed information about the wireless network: the type of network (infrastructure/ad hoc), signal strength, channel, encryption type, and much more.

Kismet will also sound alerts when new wireless networks are discovered, when security alerts fire, or when suspicious clients are in range. Suspicious clients would be people like you who are using Kismet or NetStumbler. Unlike you, these could be wardrivers looking for vulnerable networks to hack into.

Kismet Alert Page

You can prevent wardrivers from discovering your wireless network by performing a proper site survey, which will help limit signal bleed into areas that don't need coverage. You should write down the suspicious MAC address and keep an eye on your access logs. If the wardrivers are really stupid, just look out your window and look for cars with weird antennas. HA HA HA.
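One way to keep an eye on access logs for a MAC address noted from a Kismet alert, as an added example that is not part of the original post. The log lines, host names and MAC addresses below are constructed samples, and `find_watchlisted` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Matches colon-, hyphen- and dot-separated MAC notations.
MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"
    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b"
)

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def find_watchlisted(log_lines, watchlist):
    """Return {normalized MAC: [log lines mentioning it]} for watchlisted MACs."""
    wanted = {normalize_mac(m) for m in watchlist}
    hits = defaultdict(list)
    for line in log_lines:
        # A set, so a line naming the same MAC twice is recorded once.
        seen = {normalize_mac(m) for m in MAC_RE.findall(line)}
        for mac in seen & wanted:
            hits[mac].append(line)
    return dict(hits)

# Constructed sample: the MAC written down from the Kismet alert screen.
WATCHLIST = ["00:00:5E:00:53:A1"]

# Constructed sample log lines; different devices print MACs differently.
SAMPLE_LOG = [
    "Apr  9 21:14:02 ap1 wireless: association from 00:00:5e:00:53:a1 on ssid office",
    "Apr  9 21:14:09 ap1 dhcp: lease 192.168.1.57 to 00-00-5E-00-53-A1",
    "Apr  9 21:15:30 ap1 wireless: association from 00:00:5e:00:53:b2 on ssid office",
    "Apr  9 21:20:11 sw1 port-security: learned 0000.5e00.53a1 on port 7",
]

if __name__ == "__main__":
    for mac, lines in find_watchlisted(SAMPLE_LOG, WATCHLIST).items():
        print(f"{mac}: seen {len(lines)} time(s)")
        for line in lines:
            print("   ", line)
```

Normalizing before comparing matters because the same adapter shows up as `00:00:5e:00:53:a1`, `00-00-5E-00-53-A1` or `0000.5e00.53a1` depending on which device wrote the log.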

Kismet is more than just a tool to discover wireless networks; it can be used in conjunction with other tools to crack WEP/WPA. Many websites will claim that WEP can be cracked in less than five minutes. This is only half the truth, because it could take many hours, days, or months to gather enough packets to crack. Good luck and have fun learning the more advanced applications of Kismet.

Network Security - Methods For Controlling Threats

Since firewalls are so commonly used it is worth exploring them in greater depth. Corporations often set up rules for managing their Web connections using firewalls. A firewall enables a company to designate how all end users can use their network and decide what information is passed through Web servers and other servers.

There are several methods a firewall uses to control traffic that comes into and goes out of the network. One way firewalls do this is through packet filtering. During this process a firewall analyzes small packets of information against pre-designated filters. All data is sent via small packets of information through filters. Safe information is passed through and unsafe information is generally removed.

Another way firewalls mitigate traffic is through proxy service. This means the firewall retrieves information from the Web and sends it to the requesting computer. Still another method of traffic control used by firewalls is stateful inspection. This technique allows the firewall to compare certain parts of the data packet to information gathered from trusted sources. Information going to the firewall from the Internet is monitored to determine whether it contains key characteristics that suggest the information is safe rather than harmful. Information designated as safe passes through freely and other information is blocked.
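The difference between packet filtering and stateful inspection described above, as an added example that is not from the original article. It assumes the "information gathered from trusted sources" is a table of connections opened from inside the network; the rule set, addresses and class names are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport proto")

# Pre-designated filters, first match wins: (direction, proto, dest port, action)
RULES = [
    ("out", "tcp", 80, "allow"),   # web browsing
    ("out", "tcp", 443, "allow"),
    ("in", "tcp", 25, "allow"),    # inbound mail to a published server
]

def packet_filter(pkt, rules=RULES):
    """Stateless filtering: each packet is judged only on its own header."""
    for direction, proto, dport, action in rules:
        if (pkt.direction, pkt.proto, pkt.dport) == (direction, proto, dport):
            return action
    return "drop"  # default deny

class StatefulFirewall:
    """Remembers permitted outbound connections and admits matching replies."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.state = set()  # (inside ip, inside port, outside ip, outside port, proto)

    def inspect(self, pkt):
        if pkt.direction == "out":
            verdict = packet_filter(pkt, self.rules)
            if verdict == "allow":
                self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return verdict
        # Inbound: compare the packet against what the firewall already trusts.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.state:
            return "allow"
        return packet_filter(pkt, self.rules)

# Constructed sample traffic (documentation address ranges).
REQUEST = Packet("out", "10.0.0.5", 51000, "192.0.2.10", 80, "tcp")
REPLY = Packet("in", "192.0.2.10", 80, "10.0.0.5", 51000, "tcp")
STRAY = Packet("in", "198.51.100.7", 80, "10.0.0.5", 51000, "tcp")

if __name__ == "__main__":
    fw = StatefulFirewall()
    print("stateless, reply:", packet_filter(REPLY))
    print("stateful, request:", fw.inspect(REQUEST))
    print("stateful, reply:", fw.inspect(REPLY))
    print("stateful, unsolicited:", fw.inspect(STRAY))
```

The stateless filter has no rule that can tell the web server's reply from an unsolicited packet, so it drops both; the stateful firewall admits only the reply that matches a connection it saw leave.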

The methods a company selects will depend on a number of factors, including personal preferences. Regardless of the method a firewall uses, however, a company or network administrator can customize the firewall to filter information based on a pre-established set of criteria.