Introduction to Cyber Security
Yüklə 1,12 Mb.
|
- Bu səhifədəki naviqasiya:
- Attacks
|
Attacks mitigated: Unauthorized access, War driving
Disable Auto-connect feature: Some devices or the computers/laptops have „Let this tool manage your wireless networks‟ or „Connect automatically to available network‟. Such users having this auto-connect feature enabled are prone to Phishing attack or Rogue AP attack. Attackers keep their APs alive and kicking for such kind of unsuspecting users. They also use luring names as „HotSpot‟, „SecureConnect‟, ‟GovtNetworks‟ etc. The user will never suspect them and keep surfing the wireless network happily. Also if you have not changed the default password of your router, the attacker will try to use this feature on their machine and automatically connect using the easily guessable default passwords. Attacks mitigated: Phishing, Sniffing, Rouge AP association Don’t use public Wi-Fi spots to surf sensitive websites: Free and open wireless networks available on airports, cafes, railway stations are not very secure by nature. They do not use any encryption to secure the channel between your laptop to the router. So any information which is not by default going on HTTPS from your laptop/smart phone is susceptible to sniffing and even more your session could be hijacked because the unencrypted channel may leak the active session ID used by your website. Recently to demonstrate these types of attacks one researcher developed a tool Firesheep [http://codebutler.github.com/firesheep/]. All the attacker needs to do is to just install this tool in Firefox and start sniffing the communications on a public unencrypted Wi-Fi. Some applications like Facebook encrypts the login page [HTTPS] but internal pages are served on unencrypted [HTTP] channel so your session ID can be leaked. Attacks mitigated: Sniffing, Session Hijacking Yüklə 1,12 Mb. Dostları ilə paylaş:
|