http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless

You register here to this group.
Someone else has to give him access to the Dropbox folder.
I think he first needs to register with Dropbox as a user and then
get a shared permission.

From: George Stefanick [mailto:[email protected]]
Sent: 17. október 2010 17:36
To: Kristján Ólafur Eðvarðsson
Cc: Kelvin Dam; [email protected]; [email protected]
Subject: Re: [CCIE Wireless] 1. OEQ Answers (second)

Can someone send Manolo a study group invite, please?

[email protected]



2010/10/17 Kristján Ólafur Eðvarðsson <[email protected]>
That is very good.

I investigated further and I only found this:

http://www.dba-oracle.com/t_unauthorized_access_computer_network_crime.htm

Evil-twins and honey pots
I learned about how hackers work by planting "honey pots", internet-enabled 
computers with loose security.  I kick back, look over the crook's shoulder and 
observe their behavior.  In one case, a hacker from China upgraded my version 
of Linux!  The wi-fi equivalent of a honey pot is the "evil twin" attack.
"A more recent threat to emerge is the "evil twin" attack. A person with a 
wireless-equipped laptop can show up at, say, a coffee shop or airport and 
overpower the local Wi-Fi hotspot. The person then eavesdrops on unsuspecting 
computer users who connect to the bogus network.
At a technology conference in London this spring, hackers set up evil twins 
that infected other computers with viruses, some that gather information on the 
user, the Wall Street Journal reported."

and this:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/secwlandg20/sec_wireless_overview.html#wp877732


Wireless, due to its over-the-air transmission, has unique security 
requirements. The primary security concerns for a wireless network are:

* Rogue access points and clients that can create backdoor access to the 
company's network.

* Hacker access points, such as evil twins and honeypots, that try to lure your 
users into connecting to them for purposes of network profiling or stealing 
proprietary information.

* Denial of service that disrupts or disables the wireless network.

* Over-the-air network reconnaissance, eavesdropping, and traffic cracking. 
This is now primarily a legacy issue as the wireless industry has done a good 
job creating standard approaches to user authentication and traffic encryption 
via 802.11i and WPA.

* Controlling the networks wireless users connect to, especially when they are 
outside of the office.

* Wireless security for guest users.

So perhaps it is a question of finding the "Cisco answer" to the question. Evil 
twin is, for example, not found in the WCS help (but honey pot is). So I would 
probably bet that honey pot would be more accurate.

Those 2 are often mentioned in the same sentence and they probably mean the 
same in my mind.

But since this is an open-ended question, you might use both phrases to show 
that you know what you are talking about.

regards. Kristjan

From: Kelvin Dam [mailto:[email protected]]
Sent: 17. október 2010 15:19
To: Kristján Ólafur Eðvarðsson
Cc: [email protected]
Subject: Re: [CCIE Wireless] 1. OEQ Answers (second)

I may very well be way off here, but I'm not convinced that the definition of 
"honeypot" you posted is correct.

I believe that an Evil Twin is an access point, broadcasting the same SSID as a 
corporation for instance, trying to lure users to use it.

A HoneyPot is more or less the same, but doesn't have to be the same SSID, and 
is also used by admins to lure attackers into a confined subnet to be 
monitored.

I'm basing my assumptions on these:


Evil Twin

The attacker uses a bogus base station that someone connects to using Wi-Fi 
wireless technology. By imitating the name of another, legitimate wireless 
provider, they can fool people into trusting the internet services that they 
are providing. When the users log into bank or e-mail accounts, the phishers 
have access to the entire transaction, since it is sent through their 
equipment.

Unwitting web users are invited to log into the attacker's server with bogus 
login prompts, tempting them to give away sensitive information such as 
usernames and passwords. Often users are unaware they have been duped until 
well after the incident has occurred.

Users think they have logged on to a wireless hotspot connection when in fact 
they have been tricked into connecting to the attacker's base station. The 
hacker jams the connection to the legitimate base station by sending a stronger 
signal within proximity to the wireless client - thereby turning itself into an 
'evil twin.'

A rogue Wi-Fi connection can be set up on a laptop with a bit of simple 
programming and wireless card that acts as an access point. The access points 
are hard to trace, since they can suddenly be shut off, and are easy to build. 
A hacker can make their own wireless networks that appear to be legitimate by 
simply giving their access point a similar name to the Wi-Fi network on the 
premises. Since the hacker may be physically closer to the victim than the real 
access point, their signal will be stronger, potentially drawing more victims. 
The hacker's computer can be configured to pass the person through to the 
legitimate access point while monitoring the traffic of the victim, or it can 
simply say the system is temporarily unavailable after obtaining a user id and 
password.[3]



HoneyPots

A honeypot is valuable as a surveillance and early-warning tool. While it is 
often a computer, a honeypot can take other forms, such as files or data 
records, or even unused IP address space. A honeypot that masquerades as an 
open proxy to monitor and record those using the system is a sugarcane. 
Honeypots should have no production value, and hence should not see any 
legitimate traffic or activity. Whatever they capture is therefore malicious or 
unauthorized. One practical application of this is a honeypot that thwarts spam 
by masquerading as a type of system abused by spammers. These honeypots 
categorize trapped material 100% accurately: it is all illicit.

Honeypots can carry risks to a network, and must be handled with care. If they 
are not properly walled off, an attacker can use them to break into a system.

Victim hosts are an active network 
counter-intrusion tool. These computers run special software, designed to 
appear to an intruder as being important and worth looking into. In reality, 
these programs are dummies, and their patterns are constructed specifically to 
foster interest in attackers. The software installed on, and run by, victim 
hosts is dual purpose. First, these dummy programs keep a network intruder 
occupied looking for valuable information where none exists, effectively 
convincing him or her to isolate themselves in what is truly an unimportant 
part of the network. This decoy strategy is designed to keep an intruder from 
getting bored and heading into truly security-critical systems. The second part 
of the victim host strategy is intelligence gathering. Once an intruder has 
broken into the victim host, the machine or a network administrator can examine 
the intrusion methods used by the intruder. This intelligence can be used to 
build specific countermeasures to intrusion techniques, making truly important 
systems on the network less vulnerable to intrusion.

Any takers on this? :)

Kelvin
2010/10/15 Kristján Ólafur Eðvarðsson <[email protected]>
Hi Kelvin,

That OEQ was rather good. I gave it some thought and scrolled through
the help of my WCS server. Which in fact is very good and explains a lot of 
things.

It is a rogue AP, so it can't be a friendly based on that fact. Malicious is 
basically the same thing as a rogue. So they are probably looking for a 
classification of that rogue.

I first read through the classifications of rogues and didn't see a clear 
answer to that question, but I would like to share this info with everyone.

"Rogue Access Point Classification Types
Rogue access points classification types include:

* Malicious - Detected but untrusted or unknown access points with a malicious 
intent within the system. They also refer to access points that fit the 
user-defined malicious rules or have been manually moved from the friendly 
access point classification. See "Malicious Rogue APs" for more information.

* Friendly - Known, acknowledged, or trusted access points. They also refer to 
access points that fit the user-defined friendly rogue access point rules. 
Friendly rogue access points cannot be contained. See "Friendly Rogue APs" for 
more information. For more information on configuring friendly access point 
rules, see "Configuring Friendly AP Controller Templates".

* Unclassified - Rogue access points that are not classified as either 
malicious or friendly. These access points can be contained and can be moved 
manually to the friendly rogue access point list. See for more information. See 
"Unclassified Rogue APs" for more information."

However, when I was reading this I just remembered that I have sometimes got 
this warning in WCS in real setups. "With Honey pot AP detected"

And this seems to be the best answer to this question. Do you guys agree?


"Honey Pot AP Detected
Alarm Description and Possible Causes
The addition of WLANs in the corporate environment introduces a whole new class 
of threats for network security. RF signals that penetrate walls and extend 
beyond intended boundaries can expose the network to unauthorized users. A 
rogue access point can put the entire corporate network at risk for outside 
penetration and attack. Not to understate the threat of the rogue access point, 
there are many other wireless security risks and intrusions such as 
mis-configured access points, unconfigured access points, and DoS 
(denial-of-service) attacks.

One of the most effective attacks facing enterprise networks implementing 
wireless is the use of a "honey pot" access point. An intruder uses tools such 
as NetStumbler, Wellenreiter, and MiniStumbler to discover the SSID of the 
corporate access point. Then the intruder sets up an access point outside the 
building premises or, if possible, within the premises and broadcasts the 
discovered corporate SSID. An unsuspecting client then connects to this "honey 
pot" access point with a higher signal strength. When associated, the intruder 
performs attacks against the client station because traffic is diverted through 
the "honey pot" access point.

wIPS Solution
When a "honey pot" access point is identified and reported by the Cisco 
Adaptive Wireless IPS, the WLAN administrator may use the integrated 
over-the-air physical location capabilities, or trace device on the wired 
network using rogue location discovery protocol (RLDP) or switchport tracing to 
find the rogue device."

regards. Kristjan
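
The check behind the "Honey Pot AP Detected" alarm quoted above, as an added example that is not code from WCS or from anyone on the list. The SSID, the BSSIDs, the friendly list and the SSID normalisation are constructed assumptions; the class names only mirror the classification types quoted from the WCS help.

```python
from dataclasses import dataclass

# Constructed inventory: the trusted SSID and the BSSIDs the site manages.
TRUSTED_SSIDS = {"corpnet"}
MANAGED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
# Constructed user-defined friendly list (e.g. a neighbour's known AP).
FRIENDLY_BSSIDS = {"66:77:88:99:aa:01"}

@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    rssi_dbm: int  # closer to 0 means a stronger signal

def norm_ssid(ssid):
    # Assumption: ignore case and padding so "CorpNet " still matches.
    return ssid.strip().casefold()

def classify(b):
    bssid = b.bssid.lower()
    if bssid in MANAGED_BSSIDS:
        return "managed"
    if norm_ssid(b.ssid) in TRUSTED_SSIDS:
        return "malicious"      # trusted SSID from an AP we do not manage
    if bssid in FRIENDLY_BSSIDS:
        return "friendly"
    return "unclassified"

def honeypot_alarms(beacons):
    """Return (bssid, ssid, stronger_than_managed) per suspect AP."""
    best = {}  # strongest managed signal seen per trusted SSID
    for b in beacons:
        if classify(b) == "managed":
            key = norm_ssid(b.ssid)
            best[key] = max(best.get(key, -200), b.rssi_dbm)
    return [(b.bssid.lower(), b.ssid, b.rssi_dbm > best.get(norm_ssid(b.ssid), -200))
            for b in beacons if classify(b) == "malicious"]

# Constructed scan results, not captured from a real network.
SAMPLE_SCAN = [
    Beacon("00:11:22:33:44:01", "CorpNet", -67),
    Beacon("00:11:22:33:44:02", "CorpNet", -72),
    Beacon("DE:AD:BE:EF:00:01", "CorpNet", -48),
    Beacon("66:77:88:99:AA:01", "CoffeeShop", -70),
    Beacon("02:00:00:00:00:09", "FreeWifi", -80),
]

if __name__ == "__main__":
    for b in SAMPLE_SCAN:
        print(b.bssid, b.ssid, classify(b))
    print(honeypot_alarms(SAMPLE_SCAN))
```

A BSSID can be spoofed, so a match against the inventory is only a first filter; the location and switchport tracing mentioned in the alarm text are what tie a beacon to a physical device.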




----------------------------------------------------------------------

Message: 1
Date: Fri, 15 Oct 2010 08:24:00 +0200
From: Kelvin Dam <[email protected]>
To: Stalder Dominic <[email protected]>, [email protected]
Subject: Re: [CCIE Wireless] OEQ Answers (second)
Message-ID: <[email protected]>
Content-Type: text/plain; charset="windows-1252"

First question in that doc:

*A rogue access point broadcasting a trusted SSID is called what?

They are called "Trusted APs" or "Friendly APs".*

Is wrong I believe... A Rogue broadcasting a trusted SSID is an Evil Twin to
the best of my knowledge?

Kelvin


2010/10/13 Stalder Dominic <[email protected]>

> And here with the small answer list ;-)
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>


--
Kelvin Dam



--
George M. Stefanick Jr., CCNA, CWNA, CQS-CWLANSS Sr. Wireless Engineer (717)
471 - 6186 Mobile (717) 798 - 8255 Skype
