Mid-Atlantic Institute for Telecommunications Technologies A Division of Brookdale Community College NETW 05A: Applied Wireless Security Lab #2 Creating Live Security Tools Disks In a previous lab, we researched the numerous tools available for performing a security audit of a wireless LAN and created a document to begin tracking and evaluating these tools. It quickly became apparent that many of these tools were written specifically for the Linux operating system. Unfortunately, many users are unfamiliar or unaccustomed to this operating system, working primarily in a Microsoft Windows environment. To remedy this situation, we introduce two new items to your wireless security toolbox. The first of these is Knoppix STD 0.1, where the STD stands for security tools distribution. Knoppix-STD is a customized distribution of the Knoppix Live Linux CD. With this Live Linux distribution, we boot directly from the CD into the Knoppix-STD, which includes: a customized linux kernel (2.4.21 with ntfs rw, openmosix, and superfreeswan patches), Fluxbox windows manager, incredible hardware detection and hundreds of applications. If we boot without the CD and we return to our original operating system. Aside from borrowing power, peripherals and some RAM, Knoppix-STD doesn't touch the host computer. The STD customized distribution focuses on information security and network management tools. It is meant to be used by both the novice looking to learn more about information security and the security professional looking for another swiss army knife for their toolkit. The tools provided through STD are divided into the following categories (see the STD Tools section for details): authentication password tools encryption servers forensics packet sniffers firewall tcp tools honeypot tunnels ids vulnerability assessment network utilities wireless tools The second of these is the Auditor security collection, a Live-System also based on the Knoppix Live Linux CD. With no installation whatsoever, the analysis platform is started directly from the CD and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardized working environment, so that the build-up of know-how and remote support is made easier through an excellent user-friendliness combined with an optimal toolset. Professional open-source programs offer you a complete toolset to analyze your safety, byte for byte. In order to become quickly proficient within the Auditor security collection, Creating Live Security Tools Disks Version 0 © Copyright 2005 MAITT Last Updated: 2/16/16 Mid-Atlantic Institute for Telecommunications Technologies A Division of Brookdale Community College the menu structure is supported by recognized phases of a security check. foot-printing, analysis, scanning, wireless, brute-forcing, and cracking. By this means, you instinctively find the right tool for the appropriate task. In addition to the approx. 300 tools, the Auditor security collection contains further background information regarding the standard configuration and passwords, as well as word lists from many different areas and languages with approx. 64 million entries. Current productivity tools such as web browser, editors and graphic tools allow you to create or edit texts and pictures for reports, directly within the Auditor security platform. Many tools were adapted, newly developed or converted from other system platforms, in order to make as many current auditing tools available as possible on one CD-ROM. Tools like Wellenreiter and Kismet were equipped with an automatic hardware identification, thus avoiding irritating and annoying configuration of the wireless cards. The goal of this lab is to create a boot CD for Knoppix-STD and for Auditor security collection that will become part of a comprehensive security toolbox. Step1: Download the image file (ISO) for the Knoppix STD 0.1 distribution. The Knoppix-STD site is located at http://www.knoppix-std.org/, or you may go directly to the download page at http://www.knoppix-std.org/download.html . Make note of the version number and date last update date – this information can be added to your tracking table for WLAN auditing tools (see Lab#1). The file should have an extension of .iso, and at the time this document was created a size of approximately 479 MegaBytes. If you wish to verify he MD5 of the file you download, follow the directions at http://www.knoppix-std.org/md5.html . Step2: Download the image file (ISO) for the Auditor security collection distribution. This distribution is located at http://remote-exploit.org/?page=auditor, or you may go directly to the download page at http://remote-exploit.org/content/mirrors.html. Again, make note of the version number and date last update date for your tracking table for WLAN auditing tools. These files are compressed, so they should have an extension of .iso.zip, and at the time this document was created a size of approximately 537 MegaBytes. Again, the MD5sum is provided if you wish to verify it. Creating Live Security Tools Disks Version 0 © Copyright 2004 MAITT Last Updated: 2/16/16 Page 2 of 3 Mid-Atlantic Institute for Telecommunications Technologies A Division of Brookdale Community College Step3: Download and Install the ISO Record Power Toy. ISO Recorder Power Toy is a UI component that allows to us to use the CD-Recording capabilities of Windows XP to record ISO images and copy CD to CD - a piece of functionality missing in Windows XP. The ISO Recorder itself does not record CDs but instead uses existing OS features. Some of the interfaces it uses are not fully documented by Microsoft and as such are subject to change in the future. This software works on Windows XP only . It was tested with retail build of Windows XP (Home and Professional). The ISO Recorder site is at http://isorecorder.alexfeinman.com/isorecorder.htm. There are two versions available, the standard version and a newer beta version. Note! The beta version does not support preSP2 (pre-service pack 2) machines yet, but works on Server 2003 and SBS 2003. Some features are not there yet too, but it burns CDs on SP2. ISO Recorder v2 Beta is available at http://isorecorder.alexfeinman.com/Beta.htm Note! The standard version supports preSP2 (pre-service pack 2) machines yet, but does not work on Server 2003 and SBS 2003. The standard ISO Recorder is available at http://isorecorder.alexfeinman.com/IsoRecorder/download.asp Installation: ISO Recorder is distributed as an .msi file - ISORecorderSetup.msi or ISORecorderV2.msi. To install it download the file onto your computer, right-click and select "Install". To uninstall ISO Recorder use Control Panel/Add Remove Software. NOTE: The beta version downloads as a compressed zip file which you must extract and then install. Step4: Using the ISO Record PowerToy Create the Bootable CDs for each Distribution Using 2 blank CD-R or CD-RW disks follow the directions for ISO Recorder to create a CD for each of the new tools we have downloaded Usage - Recording ISO images: 1. Right-click on an ISO file and select "Copy Image to CD". The wizard will open up. The file name should appear in the "File name" edit box. If, for some reason, wizard cannot use currently selected file or CD recorder, an error message will be provided and "Next" button will be disabled. 2. Press the "Next" button. Recording operation can be terminated by pressing "Cancel". Note that terminating the actual recording operation can take up to several minutes. 3. When copy is completed, the wizard will display the "Finish" page. A tutorial for ISO Recorder is available at http://isorecorder.alexfeinman.com/HowTo.htm. Creating Live Security Tools Disks Version 0 © Copyright 2004 MAITT Last Updated: 2/16/16 Page 3 of 3