Need Help With This Assignment?

Let Our Team of Professional Writers Write a PLAGIARISM-FREE Paper for You!

SUBMIT YOUR ASSIGNMENT

Computer Science

Wireless Network Attacks

Wireless Network Attacks

Part 1: Wireless Hacking

Tools Used by Black Hackers to Attack Wireless Traffic

The tools used in wireless hacking entail special software programs that crack Wi-Fi networks using advanced mechanisms such as dictionary attacks, brute force attacks, a man-in-the-middle attack, and side-jacking. Aircrack is a tool commonly used to crack (Wireless Equivalent Privacy) WEP and Wi-Fi Protected Access (WPA). It accomplishes that attack by monitoring and collecting sufficient packets from where it strives to recover passwords. The second tool is the freely available AirSnort, which tries to decrypt the keys of the captured packets.

Kismet is yet another tool written in C++ with the potency to sniff DHCP, ARP, UDP, and TCP packets. It is open-source and works by finding hidden networks suitable for wardriving activities. It is uniquely designed not to interfere with the network, implying it is a passive program. CoWPatty is a wireless hacking software that centrally perpetrates attacks on WPA networks using pre-shared keys. Though its execution speed is relatively slow, it can perform the expected tasks equally. It exploits the wordlist file in conducting dictionary attacks.

Need help with your assignment ? Reach out to us. We offer excellent services.

Cain and Abel are widely used in passwords because they can sniff a network, crack encrypted passwords, and perpetrate cryptanalysis attacks (Mattie, 2020). It is worth noting that this program also examines wireless protocols in performing attacks. Air Jack is another software the attackers use to flood a network with dirty packets to conduct denial of service attacks. The Omnipeek is quite advanced as it works by analyzing protocols and sniffing. However, it is commercially available, unlike other tools.

Reaver employs a brute force approach to materialize an attack. It has a higher response time and acquires WPA2/WPA passphrases by targeting setup registrar PINs that Wi-Fi protects. Finally, the Cloudcracker applies a dictionary-based approach to crack passwords. It is easily and freely available, hence preferred by vast hackers.

Possible Attacks Against WPA Encrypted Traffic

WPA was released in 2003 as a new advanced standard to fix the challenges WEP poses (Tews & Beck, 2019). However, it is equally prone to attacks, given that the hackers improve their techniques as technology advances. For instance, the Key Reinstallation Attack (KRACK) is popularly exploited to capture sensitive data transmitted via an encrypted Wi-Fi connection. The attack begins when the victim is tricked into reinstalling a used key. It is accomplished by ensuring the cryptographic handshake messages are manipulated and replayed (Vanhoef, 2017). The victim’s successful reinstallation of the key triggers the reset of critical parameters, including the receive packet numbers and incremental transit packet numbers. Generally, the KRACK attack is quite common and makes it convenient for an invader to use the keychain applied in traffic encryption.

RF jamming is yet another attack that works through radio frequency and electromagnetic interference to capture and distort data in transit. It is tailored to guarantee that data does not reach the intended destination. It is captured midway and manipulated or used for other reasons. The created interference waves are significantly strong enough to alter the regular traffic.

Wardriving is quite tedious but effective if the hacker is determined. This mechanism is usually branded as access point mapping, as it involves driving around searching for a WI-FI connection from where the attack begins. The attacker quickly retrieves vast data in transit once a viable access point is detected. Depending on the attackers’ expertise, they can successfully decrypt WPA-encrypted traffic or fail. It is worth noting that the discussed attacks use a vast deal of snooping/sniffing/ whereby an attacker takes advantage of an exploitable network. The episode is more practical when the admin fails to monitor and validate network traffic using the most appropriate mechanisms.

Evil Twin Attack

Evil Twin Attack (ETA) is a malicious spoofing attack that tricks and captivates users into giving out their details. It typically captures unsuspecting individuals to an eavesdropping portal that apparently seems legitimate. The method comprises a series of stringent steps that lead to successful hacking.

First, an attacker identifies a location with free Wi-Fi and is busy creating a broad target population. The site could be an airport or a library, as they have multiple access points labeled with a common name. This aspect makes it viable to proceed to the subsequent step of setting up a new Wi-Fi access point. At this juncture, the attacker imitates the legitimate SSID name. The next step involves the creation of a fake captivating portal that requires some details such as usernames, passwords, and other details (Panda, 2021). Once the fake portal and evil twin access point are set up, the hacker draws their router close to potential victims to ensure their fake access point has a stronger signal. By doing so, the hacker monitors and retrieves critical data effortlessly. He watches their device usage, and the hackers claim their credentials if the victims log into their accounts. Alternatively, the hacker has the pecan interception device if one enters vital data into a misleading portal.

This invasion affects both individuals and businesses hence the need to be careful with public facilities. One can protect themselves from the evil twins by using their hotspots, disabling auto connects, and avoiding unsecured Wi-Fi hotspots and private networks in public Wi-Fi. Further measures include using a VPN, sticking to HTTPS websites, and applying two-factor authentication. If one falls victim to the attack, it is imperative to contact the bank/credit card company or the local police. Essentially, an evil twin attack is a prevalent threat, and one must articulate proactive preventative measures.

Authenticating, Authorizing, and Auditing Wireless Traffic

Below is the step-by-step procedure to authenticate, authorize, and audit wireless traffic on a window active directory network:

  • Login to the dashboard and scroll to Protection & SD-WAN, then proceed to configure and finally to AD.
  • Click the AD drop-down menu, then select the option of authenticating the user with the AD.
  • Select to allow log-on through default/splash to network-wide setting specifically for Per-VLAN settings. The essence of permitting splash log-on is to ensure that the network users with the splash page are reminded to use the domain key to log in, which is unnecessary when dealing with necessary when dealing with group policy integration to access the AD server efficiently. At this juncture, including all the domain controllers responsible for sites managed by MX or subnets is essential.
  • The subsequent step is all about entering the below data as a strategic way of adding an AD server.
    • The short domain name (NetBIOS name) is disputed to the Fully Qualified Domain Name (FQDN).
    • The IP address of the domain controller.
    • A viable domain administrator account that can potentially query the Active Directory Server once triggered by MX.
    • A password for the domain administrator’s account.

At this step, it is imperative to ensure that the audit policy for User Account Management exploits the below actions.

  • Proceed to the Administrative Tools
  • Go to Domain Controller to open and launch the Group Policy Management console.
  • Adjust the existing GPO or generate a new one. Creating a new GPO, linking it to a domain, and consequently editing it is recommended (Saravanan, n.d).
  • To create a new GPO, press the domain name in the left menu.
  • Click on “Create the GPO in this domain, and connect it here.”
  • A window will be displayed on the screen labeled “New GPO.” Enter a name in the space and click OK.
  • For the new GPO depicted in the left pane, right-click on it, then press Edit in the context menu.
  • By now, display “Group Policy Management Editor” on the screen.
  • Proceed to the Computer Configuration, then Windows Settings, then Security Settings. From this step, go to Advanced Audit Policy Configuration and click Audit Policies to create an Audit User Account Management policy.
  • To open all the sub-policies within the policy, double double-click on Account Management.
  • Open the Properties window by double-clicking the Audit for the Account Management policy option.
  • Select the checkbox in the policy resources labeled “Define these policy settings.” Choose one or both of these options as per test testing requirements.
  • Click Apply, then OK as a means of exiting the properties window.
  • To reveal the changes to the entire domain, update the Group Policy (Cisco, 2021; Microsoft, 2021; Watch Guard, 2022).

Deploying multiple wireless access networks within a particular geographic location should be well-designed to control overwrapping. In the event of overwrapping signals, there should be an effort to reduce interference among wireless access deployments. This can be achieved through effective programming to establish different channels. Auditing and monitoring modifications on user accounts is a productive way of supporting compliance and protection in the digital environment. Auditing all Active Directory events is sometimes recommended, especially when there are alternations in user accounts. This is a primary way of evading probable, otherwise costly security risks. Therefore, Active Directory security issues can only be controlled by tracking adjustments on the user account. Notably, these activities are broad in scope and may involve user account permission modifications, generates, disabling, and deleting.

Part 2: Ethical Hacking History

According to Farsole et al. (2010), a hacker is any person who maliciously breaks into a system aiming for personal gain. Traditionally, a hacker is someone who likes to tinker with electronic systems. In the context of ethics, an ethical hacker is a specialist legally employed to break into networks and computers to test their security features. The term hacking originated in the 1960s at the Institute of Technology (MIT), Cambridge, where skilled programmers used FORTRAN and another old language to practice and optimize systems. Since then, ethical hacking has gradually advanced through the early days (the 1970s) when companies and governments deployed teams meant to detect vulnerabilities in computing and telecom systems. The subsequent phases included the golden age (1980-1991) with the great hacker war and crackdown. Personal computers have become more prevalent during this era, rendering hacking a global phenomenon. By 1995, the ‘white hat’ and ‘black hat’ hackers were distinguished by John Patrick, and ethical hacking became a legitimate career henceforth.

The inception of Apple is primarily founded on hacking. It can be traced back to the 1970s when Steve Jobs met Steve Wozniak in college, where they collaboratively manufactured and sold blue boxes. The two then heard about John Draper, who inspired not only the blue boxes but also other critical projects.

The blue box was a unique device capable of causing mischief and planning free calls. As a hacker, Draper worked as an independent contractor and enabled Apple to develop a telephone interface board for Apple II computers. The board had a special ability to recognize phone lines and signals though the invention did not reach the market. However, Draper was imprisoned for phone fraud but still worked behind bars leading to the invention of a word processor for Apple II, the EasyWriter. In a recent interview, Steve Jobs acknowledged that Apple would not exist if not for the idea of blue boxing (Williams, 2015). Therefore, Draper is accredited for the company’s success and other multiple projects.

The future of ethical hacking is incredibly bright, given that every organization is vulnerable to cyber-attack. As more companies shift to the cloud, they require extra security mechanisms to guarantee that data not stored on their premises is safe. At the same time, the job landscape is drastically changing, and more people are opting to work from home. As a result, there must be strategies to ensure that data in transit is secured from potential attackers. Interestingly, hacking is not taught in school, implying that the job market for ethical hackers will never flood (Hartley et al., 2017). The skill gap in the market keeps expanding and might not be filled soon. Demand for ethical hackers within organizations is projected to continue rising as this is a strategic way of installing advanced security measures. In fact, the value of the global penetration testing market is estimated to hit $4.1 billion before 2027. The presence of ubiquitous data raises multiple issues, including privacy, confidentiality, and integrity concerns that invariably evoke the need for ethical hacking. Data is currently processed, distributed, and stored in different ways, and such an approach is expected to become more vehement in the future. The multifaceted approach creates numerous risks for data security, implying that more ethical hackers will be required to heighten the security measures.

It is also worth acknowledging that the future of ethical hacking significantly lies in quantum computing. Attackers can potentially leverage the power of quantum computing to breach cybersecurity by creating a novel approach. A quantum computer enables attackers to analyze datasets and launch sophisticated attacks on massive devices and networks (Legrand, 2020). The affordability of cloud quantum computing for hackers further accelerates their capability to initiate aggressive attacks. With such trends and potential, ethical hacking will equally become important to counter malicious attacks. As such, the hacking landscape is expected to get steeper, more competitive, and more complicated over time.

References

Cisco, (2021). Configuring Active Directory with MX Security Appliances.

Farsole, A. A., Kashikar, A. G., & Zunzunwala, A. (2010). Ethical hacking. International  Journal of Computer Applications1(10), 14-20.

Hartley, R., Medlin, D., & Houlik, Z. (2017). Ethical hacking: Educating future cybersecurity professionals. In Proceedings of the EDSIG Conference ISSN (Vol. 2473, p. 3857).

Legrand, J. (2020). Quantum Computing: Threat to Cybersecurity.

Mattie, D. (2020). What Tools do Black Hat Hackers Use to Attack Wireless traffic?

Microsoft, (2021). Wireless Access Deployment.

Panda, (2021). What is an Evil Twin Attack?

Saravanan, B, (n.d). How do you audit active directory user account changes?

Tews, E., & Beck, M. (2019, March). Practical attacks against WEP and WPA. In Proceedings of the second ACM conference on Wireless network security (pp. 79-86).

Vanhoef, M, (2017). Breaking WPA2 by Forcing Nonce Reuse. Key Reinstallation Attacks

Watch Guard, (2022). Configure Active Directory Authentication.

Williams, H. (2015). The Hacker Who Inspired Apple: John’ Captain Crunch’ Draper. Computer Hacking.

ORDER A PLAGIARISM-FREE PAPER HERE

We’ll write everything from scratch

Question 

Wireless Network Attacks

Wireless Network Attacks

Part 1: Wireless Hacking

Respond to the following:

  1. What tools do black hat hackers use to attack wireless traffic? 300 words minimum.
  2. What are some possible attacks against WPA encrypted traffic? 300 words minimum.
  3. What is the “evil twin” attack? 300 words minimum.
  4. How can you authenticate, authorize, and Audit wireless traffic on a Windows Active Directory Network? Please detail the actual setup—600 words minimum.

Part 2: Ethical Hacking’s History

Do some research on the history of ethical hacking. Find at least 4 credible resources. To help you begin, try searching on Clifford Stoll, who has written on the topic.
Based on your research, write a minimum 2-page descriptive essay on the following:

  1. Explain the history of ethical hacking and the role hacking played in the inception of Apple Computers, John Draper, and Phone Phreaks. Include how the term hacker came to be and its various meanings. Speculate on what the future has in store for ethical hacking, including the impact of the cloud, ubiquitous data, and quantum computing.

Specific Part 2 Requirements

  • It uses researched and cited facts and well-explained opinions.
  • Demonstrates superior organization.
  • The viewpoint and purpose should be established and sustained.
  • The writing should be well-ordered, logical, unified, original, and insightful.
  • Follows Standard English guidelines with no grammar, spelling, or punctuation errors.
  • Shows no evidence of plagiarism.
  • Cites at least 2 scholarly peer-reviewed references.
  • The paper will be provided in APA format.