How Does Wireless Security Work

Wireless security is a set of measures and protocols designed to protect wireless networks and their data from unauthorized access, data interception, and other security threats. It is essential to secure wireless networks as they transmit data over the airwaves, making them susceptible to eavesdropping and attacks by malicious actors. Here’s how wireless security works:

  1. Authentication and Encryption: Two fundamental components of wireless security are authentication and encryption. Authentication ensures that only authorized devices can access the wireless network, while encryption ensures that data transmitted over the network is encrypted, making it difficult for attackers to decipher even if intercepted.
  2. Wi-Fi Protected Access (WPA/WPA2/WPA3): These are wireless security protocols that implement strong encryption and authentication mechanisms to secure Wi-Fi networks. WPA2 and WPA3 are the most widely used protocols, with WPA3 being the latest and most secure version.
  3. Pre-Shared Key (PSK): PSK is a common authentication method used in home Wi-Fi networks. It requires users to enter a passphrase (pre-shared key) to connect to the network. However, PSK can be susceptible to dictionary attacks if the passphrase is weak.
  4. Enterprise Mode and 802.1X: For more robust authentication in business environments, the enterprise mode is used along with the 802.1X authentication standard. This involves a RADIUS (Remote Authentication Dial-In User Service) server that validates users’ credentials, making it more secure than PSK.
  5. MAC Address Filtering: Wireless routers can be configured to allow only specific devices (identified by their MAC addresses) to connect to the network. While this adds an extra layer of security, MAC addresses can be spoofed, rendering this measure less effective on its own.
  6. Hidden SSID: Wireless networks can be configured to hide their Service Set Identifier (SSID), the network name visible to users. However, this is not a strong security measure since attackers can still discover the hidden SSID through various means.
  7. Regular Firmware Updates: Keeping the wireless router’s firmware up to date is crucial as manufacturers often release updates to patch security vulnerabilities and improve performance.
  8. Wireless Intrusion Detection System (WIDS): WIDS is a system that monitors wireless network traffic for signs of suspicious or unauthorized activity. It helps detect rogue access points and potential security threats.
  9. Virtual Private Networks (VPNs): When accessing sensitive information over public Wi-Fi or untrusted networks, using a VPN can encrypt all traffic between the device and the VPN server, providing an additional layer of security.
  10. Guest Networks: For businesses and home networks, setting up a separate guest network allows visitors to access the internet without gaining access to the main network and its resources.

Overall, implementing a combination of these security measures ensures a more secure wireless network, reducing the risk of unauthorized access and data breaches. However, it’s essential to stay vigilant, regularly update security settings, and keep track of emerging threats to maintain a robust wireless security posture.

Physical Security Penetration Testing
————————————-
After virtual security auditings major coprorations may not deploy a huge amount and resources to ensure the physical environment is secure. Hence auditing physical security again can be a big task for these organisations.

Major Organisations which need physical Security.
————————————————–
– Nuclear Power Plants
– Space Stations
– Hydrogen Experimental sites
– Data Control Centers
etc etc etc…

Physical Security Check list Areas

1. Organisation Surroundings
2. Ensure the people in the organisation following the physical security rules.
– They must use icards for the authentication
– There must be a log manager of all the in-out activities
– There should be a physical resource person(team) who is monitoring 24*7 the in-out operational work by the employees.
– Reason for the visit should be validated.

Check list for entering the server room.

-> Name of the vistor
-> Company of the visitor
-> Company icard scanned copy.
-> Adhar Card/dl etc
-> Name of Person who is bringing the visitor
-> Company he belongs to
-> ICard number
-> Devices they are carrying
-> Hand over your phone in switched off mode to the gatekeeper
-> Locker Keys will be given back to you.

Within the working space physical security checklist
– Clean Desk policy
– After meeting and after all the chats and plans making, before you leave the office discussion room you have to clear the white board or glass on which you have wrote anything about the task to be executed.
– You have to shredder any document before throwing it in dustbin.

Dumpster Diving : Process in which where hacker sneak into the grabage of any home or organisations and look for something important.

– Make sure people in organisation not write any kind of information on sticky notes and on their desk with marker or pen.

Serious Security Checklist

————————–
1. There must be fire extinguisher in all the rooms and places in the organisation.
2. There must an AMC with the fire departmnet company.
3. There must be biometric authentication on server room.
4. There must be cameras inside the server room.
5. Electricity room and generater room should be at seprate locations.

ISO 27001 : Physical Security Control List in Wireless Security

Watch Here Red Team Breach: https://www.youtube.com/watch?v=pL9q2lOZ1Fw

Database Penetration Testing and
—————————-
1. Authentication Bypass
2. Union Based SQL Injection
3. Blind Based SQL Injection
4. Error Based SQL Injection
5. Time Based SQL Injection
6. Double Query SQL Injection
7. Stacked Query SQL Injection
8. Head Based SQL Injection
9. Second Order SQL Injection
10. Boolean Based SQL Injection
11. XPath Injection
12. LDAP Injection

Oracle
MS-SQL MYSQL : 5.0.45 Communicaty Edition
My-SQL : 3306

Step 1: Scan the system with nmap and identify the database port and its version.
nmap -A Traget IP

Step 2: Scanning Version : mysql_version
Step 3: info
Step 4: Set RHOSTS <IP address>
Step 5: run
Step 6:use auxiliary/scanner/mysql/mysql_login
Step 7: set USER_FILE root/Desktop/usernames.lst
Step 8: set PASS_FILE root/Desktop/passwords.lst
Step 9: run

VOIP Pentesting : Voice Over Internet Protocol.
ITs a process in which we try to sniff the voice packets and conversations with in the organisation in which certain VOIP devices are being used for internal communication.

Aviya : The most trusted brand in VOIP communication*

Put call through VOIP –> Target
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Attacker : Intercept via Cain n Abel having SIP intercept facility.

VPN Pentesting
—————
Is to encrypt the packets coming out from devices.

 

Follow Us On Cyber Point Solution Youtube Channel : Click Here

Follow Us on Social Platforms to get Updated : twiter,  facebookGoogle Plus

Learn More Ethical Hacking and Cyber Security click on this link. cyber security

Leave a Reply

Your email address will not be published. Required fields are marked *