week6_WIFI AND ENCRYPTION LAB

WIRELESS AND ENCRYPTION LAB WiFi: Wardriving, a popular technique is simply driving aroundwith inexpensive equipment that randomly searches for access points that have not been secured. Hackers use varioustools to discover unsecure access points and in this lab, Wifite will be explored in its utility to discover unsecure access points. Wifite Discovering Aps with Wifite: Learn how to use Wifite to scan for APs. 1. Log into the vCLoudand follow the instructions on page 318 and 319 of your course book— Discovering APs with Wifite (Activity 11-3) 2. What information did you find? What does this information provide you as an ethical hacker? (think providing security solutions). Recordyour answers. While working on this lab, I opened my Kali Linux VM, opened my terminal and typed in Wifite. After typing Wifite, it took around 10-15 seconds for the scanning to complete. I then saw SSID's of local networks near me and even the guest Wi-Fi of a Two Stones Pub restaurant. I saw the ENCR numbers, most of them were WPA2 except one which was still using WEP. I then saw a listing showing "Power" and “Client". As an ethical hacker, I feel this tool is very useful for a couple reasons. One of them is because if I am a pen tester for the company and I notice the network is using unsecure access points, I can go ahead and point this out to them so they can improve their network security. Another reason why this is useful is this will give you good insight on whether you need to change your SSID name as well. There isconcern though that if a malicious hacker were to use this for malicious purposes, they could launchattacks ranging from DNS spoofing to DDoS attacks etc.

Encryption—Understanding Public Key Infrastructure: Public Key Infrastructure (PKI) is a combination of hardware, software, people, policies and procedures required to create, manage, distribute, use, store and revoke digital signatures. Components of PKI: Certificate management system —generates, distributes, stores and verifiescertificates. Digital certificates —establishes credentials of a person when doing online transactions. Validation authority —stores certificates (with their public keys). Certificate authority —issues and verifiesdigital certificates. End user —requests, manages and uses certificates. Registration authority —acts as the verifierfor the certificate authority. Creating a rogue server certificate by breaking a hashing algorithm: Investigate what attackers can do with results of an MD5 collision. 1. Log into the vCLoudand follow the instructions on page 347 and 348 of your course book— Creating a rogue server certificate by breaking a hashing algorithm (Activity 12-3) Recordyour answers. The researchers collected 30,000 Web site certificates in 2008. How many were signed with MD5?9,000 What kind of hardware was used to generate the chosen-prefix collision? PlayStation 3's How much money did the researchers spend on certificates? $657.00 What was the impact of generating a rogue CA certificate? The impact was being able to fully sign trusted certificates and a malicious attacker can pick a more realistic CA name and fool experts. What would this certificate allow someone with malicious intentions to do?