tailieunhanh - Open Source Security Tools : Practical Guide to Security Applications part 37
Open Source Security Tools : Practical Guide to Security Applications part 37. Few frontline system administrators can afford to spend all day worrying about security. But in this age of widespread virus infections, worms, and digital attacks, no one can afford to neglect network defenses. Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools. | Page 339 Friday June 25 2004 12 07 AM Performing a Wireless Network Security Assessment 339 Table Kismet Logging and Interface Options Parameters Descriptions Capture source Defines what interfaces Kismet will listen on. Normally your main wireless interface wlanO should already be set up here. If you want to add additional interfaces do it in the format source type interface name. For example source prism2 wlan0 Prism directs Kismet to listen on wlanO for a prism2 type card. This shows up as Prism in your logs. Fuzzy encryption Shows any identified packets as unencrypted for those stations using undefined or proprietary encryption methods. Generally leave this off unless your card is reporting known encrypted networks as unencrypted. Filtering packet logs Limits what packets get logged. Use the noiselog option to drop any packets that seem to be broken or fragmented due to noise. In a crowded area with lots of interference or when using a card that does not have an external antenna this can keep your log size down. The beaconlog option drops all but the first beacon packet from a particular access point. The phylog setting drops any physical layer packets that are sometimes picked up. You can use any combination of these settings. Decrypt WEP keys Decrypts intercepted data packets on the fly. You must first however have the key which can sometimes be obtained using AirSnort described later in this chapter . Each access point needs a separate statement in the format bssid key where bssid is the MAC address of the access point and key is the key for that access point. Using an external IDS Sends packets to an external instruction detection system for further analysis. You specify a FIFO pipe in this statement and then direct your NIDS to read from the pipe name. Page 340 Friday June 25 2004 12 07 AM 340 Chapter 10 Wireless Tools Table Kismet Interface Settings Settings Descriptions Columns Changes what columns appear in the
đang nạp các trang xem trước