Mid-Atlantic Institute for Telecommunications Technologies
A Division of Brookdale Community College
NETW 05A: Applied Wireless Security
Lab #2 Creating Live Security Tools Disks
In a previous lab, we researched the numerous tools available for performing a security audit of a
wireless LAN and created a document to begin tracking and evaluating these tools. It quickly
became apparent that many of these tools were written specifically for the Linux operating
system. Unfortunately, many users are unfamiliar with or unaccustomed to this operating system,
working primarily in a Microsoft Windows environment. To remedy this situation, we introduce
two new items for your wireless security toolbox.
The first of these is Knoppix STD 0.1, where STD stands for security tools distribution.
Knoppix-STD is a customized distribution of the Knoppix Live Linux CD. With this Live Linux
distribution, we boot directly from the CD into Knoppix-STD, which includes:
- a customized Linux kernel (2.4.21 with ntfs rw, openmosix, and superfreeswan patches),
- the Fluxbox window manager,
- excellent hardware detection, and
- hundreds of applications.
Boot without the CD and we return to our original operating system. Aside from borrowing
power, peripherals and some RAM, Knoppix-STD doesn't touch the host computer.
The STD customized distribution focuses on information security and network management
tools. It is meant to be used both by the novice looking to learn more about information security
and by the security professional looking for another Swiss Army knife for their toolkit. The tools
provided through STD are divided into the following categories (see the STD Tools section for
details):
- authentication
- password tools
- encryption
- servers
- forensics
- packet sniffers
- firewall
- tcp tools
- honeypot
- tunnels
- ids
- vulnerability assessment
- network utilities
- wireless tools
The second of these is the Auditor security collection, a live system also based on the Knoppix
Live Linux CD. With no installation whatsoever, the analysis platform is started directly from
the CD and is fully accessible within minutes. Independent of the hardware in use, the Auditor
security collection offers a standardized working environment, so that building up know-how
and providing remote support are made easier by its user-friendliness combined with a
well-chosen toolset. Professional open-source programs give you a complete toolset to analyze your
security, byte for byte.
Creating Live Security Tools Disks Version 0
© Copyright 2005 MAITT
Last Updated: 2/16/16
To help you become proficient quickly within the Auditor security collection, the menu
structure follows the recognized phases of a security check:
- foot-printing,
- analysis,
- scanning,
- wireless,
- brute-forcing, and
- cracking.
By this means, you instinctively find the right tool for the appropriate task. In addition to the
approx. 300 tools, the Auditor security collection contains further background information
regarding standard configurations and passwords, as well as word lists from many different
areas and languages with approx. 64 million entries. Current productivity tools such as a web
browser, editors and graphics tools allow you to create or edit text and pictures for reports
directly within the Auditor security platform.
Many tools were adapted, newly developed or ported from other system platforms in order to
make as many current auditing tools as possible available on one CD-ROM. Tools like
Wellenreiter and Kismet were equipped with automatic hardware identification, avoiding the
tedious manual configuration of wireless cards.
The goal of this lab is to create a boot CD for Knoppix-STD and for Auditor security collection
that will become part of a comprehensive security toolbox.
Step 1: Download the image file (ISO) for the Knoppix STD 0.1 distribution.
The Knoppix-STD site is located at http://www.knoppix-std.org/, or you may go directly to the
download page at http://www.knoppix-std.org/download.html. Make note of the version
number and last update date; this information can be added to your tracking table for
WLAN auditing tools (see Lab #1). The file should have an extension of .iso and, at the time this
document was created, a size of approximately 479 megabytes. If you wish to verify the MD5 of
the file you download, follow the directions at http://www.knoppix-std.org/md5.html.
Step 2: Download the image file (ISO) for the Auditor security collection distribution.
This distribution is located at http://remote-exploit.org/?page=auditor, or you may go directly to
the download page at http://remote-exploit.org/content/mirrors.html. Again, make note of the
version number and last update date for your tracking table for WLAN auditing tools.
These files are compressed, so they should have an extension of .iso.zip and, at the time this
document was created, a size of approximately 537 megabytes. Again, an MD5 sum is provided
if you wish to verify it.
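Before burning either image, check the digest the project publishes (Steps 1 and 2). The following is an added example, not part of this lab or of either distribution's own tooling; it assumes the md5sum-style "digest  filename" listing format, and the file names and contents in demo() are constructed. An MD5 match still catches a corrupted or truncated download, but MD5 is no longer collision resistant, so prefer a SHA-256 digest wherever a mirror publishes one.

```python
# Added example (not the lab's code): verify an ISO against an md5sum-style listing.
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # hash 1 MiB at a time so a ~500 MB image never sits in RAM

def md5_hex(path):
    """Stream the file through MD5 and return the lowercase hex digest."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def parse_md5_listing(text):
    """Map file name -> digest from lines of the form '<hex>  <name>'.
    Tolerates md5sum's binary-mode '*' prefix, blank lines and '#' comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        table[name.strip().lstrip("*")] = digest.lower()
    return table

def verify_download(path, listing_text):
    """True only if the file's MD5 matches its entry in the listing.
    A file with no entry is reported as unverified rather than passed."""
    expected = parse_md5_listing(listing_text).get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(md5_hex(path), expected)

def demo():
    """Constructed stand-in for a download plus a good and a tampered listing."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "knoppix-std-0.1.iso")  # constructed file name
        with open(iso, "wb") as f:
            f.write(b"abc")  # stands in for the ~479 MB image
        good = "900150983cd24fb0d6963f7d28e17f72  knoppix-std-0.1.iso\n"
        bad = "00000000000000000000000000000000  knoppix-std-0.1.iso\n"
        return verify_download(iso, good), verify_download(iso, bad)

if __name__ == "__main__":
    print(demo())  # (True, False)
```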
Step 3: Download and Install the ISO Recorder Power Toy.
ISO Recorder Power Toy is a UI component that allows us to use the CD-recording
capabilities of Windows XP to record ISO images and copy CD to CD, a piece of functionality
missing in Windows XP. ISO Recorder itself does not record CDs but instead uses existing
OS features. Some of the interfaces it uses are not fully documented by Microsoft and as such are
subject to change in the future. This software works on Windows XP only. It was tested with
retail builds of Windows XP (Home and Professional). The ISO Recorder site is at
http://isorecorder.alexfeinman.com/isorecorder.htm. There are two versions available, the
standard version and a newer beta version.
Note! The beta version does not support pre-SP2 (pre-Service Pack 2) machines yet, but works
on Server 2003 and SBS 2003. Some features are not there yet either, but it burns CDs on SP2.
ISO Recorder v2 Beta is available at http://isorecorder.alexfeinman.com/Beta.htm
Note! The standard version supports pre-SP2 (pre-Service Pack 2) machines, but does not
work on Server 2003 and SBS 2003.
The standard ISO Recorder is available at
http://isorecorder.alexfeinman.com/IsoRecorder/download.asp
Installation: ISO Recorder is distributed as an .msi file (ISORecorderSetup.msi or
ISORecorderV2.msi). To install it, download the file onto your computer, right-click it and select
"Install". To uninstall ISO Recorder, use Control Panel / Add Remove Software. NOTE: The
beta version downloads as a compressed zip file, which you must extract before installing.
Step 4: Using the ISO Recorder PowerToy, Create the Bootable CDs for Each Distribution
Using two blank CD-R or CD-RW disks, follow the directions for ISO Recorder to create a CD for
each of the new tools we have downloaded (the Auditor image must first be extracted from its
.iso.zip archive).
Usage - Recording ISO images:
1. Right-click on an ISO file and select "Copy Image to CD". The wizard will open up. The
file name should appear in the "File name" edit box. If, for some reason, the wizard cannot
use the currently selected file or CD recorder, an error message will be displayed and the "Next"
button will be disabled.
2. Press the "Next" button. The recording operation can be terminated by pressing "Cancel".
Note that terminating the actual recording operation can take up to several minutes.
3. When the copy is complete, the wizard will display the "Finish" page.
A tutorial for ISO Recorder is available at http://isorecorder.alexfeinman.com/HowTo.htm.