ROGUE ACCESS POINT
Any actions and/or activities related to the material contained within this website are solely your responsibility. The misuse of the information in this website can result in criminal charges being brought against the persons in question. Cyber Security Associates Limited will not be held responsible for any criminal charges brought against any individuals misusing the information in these projects to break the law.
Please ensure you are using the latest SD Card image which is available here.
This project aims to give an insight into how Linux can be used by ethical hackers to simulate a malicious attack and observe the traffic passing through a Rogue Access Point (AP).
There is a wide range of operating systems (OS), and while Windows holds the largest share of the desktop market, many others are available. One of the most influential early operating systems was Unix, developed at Bell Labs from 1969 onwards, and it remains a dependable way of integrating hardware and software. Early Unix had no graphical user interface (GUI): it was controlled entirely through a command line interface (CLI) and required extensive training to operate. As more organisations adopted computers there was a greater need for an easier OS, which led companies such as Microsoft and Apple to create their own operating systems for different requirements.
Linux is a Unix-like OS, first released in 1991, and is very easy to adapt for a range of purposes. There are hundreds of Linux versions, called distributions (distros) or "flavours", created by amateurs and professionals alike. Linux can be installed on a wide variety of computers, including the Raspberry Pi, and many distributions come with tools already installed ready for immediate use.
There are numerous tools available for a wide range of requirements, and each takes considerable experience to master. Understanding the nature of the device or devices being targeted is fundamental. This can be achieved with tools such as 'netdiscover' and 'arp-scan', which discover devices on a network and present a list of IP addresses ready for further scanning. Both work at a very low level, by sending ARP requests, so they only find hosts on the local network segment; in return they are hard for a host to hide from, because any device that wants to use the network has to answer ARP requests for its own address.
Once you have an IP address and know you are on the right network, you can run an 'nmap' scan, which probes the ports on a device and presents a list of the open ports together with the service running on each. Nmap is a very powerful tool that is used extensively in ethical hacking, and learning the additional flags that can be added to a scan (for example '-sV' to identify service versions) makes it even more valuable. Once a target has been thoroughly scanned and enumerated to collect all the information available, it is possible to make an educated attack rather than a wild one made in the hope of getting lucky. It is very important that an attack is undertaken with as much information as possible.
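The discovery-then-scan procedure above, as an added shell example written for this worksheet (it is not the project's own code). It turns arp-scan output into a host list and builds the nmap command for those hosts. The interface name wlan0, the output file name and the sample arp-scan output are assumptions; the sample is constructed, not a real capture.

```shell
#!/bin/sh
# Added example (not from the original worksheet): turn arp-scan output into an
# nmap target list. Assumes arp-scan and nmap are installed on the Pi and that
# the interface name (wlan0) matches your setup.
set -eu

IFACE="${IFACE:-wlan0}"

# Extract the IPv4 addresses from arp-scan output. arp-scan prints one line per
# responding host as "IP<TAB>MAC<TAB>Vendor", surrounded by header and summary
# lines; only lines whose first field is a dotted quad are hosts. awk splits
# on any whitespace, so tabs and spaces both work.
hosts_from_arpscan() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }'
}

# Build the nmap command: -sV grabs service banners, -Pn skips host discovery
# (arp-scan has already proved the hosts are up), -oN saves a readable report.
# Reads hosts from stdin and echoes the command rather than running it, so it
# can be reviewed without root or network access.
nmap_command() {
    awk 'BEGIN { printf "nmap -sV -Pn -oN scan.txt" }
         { printf " %s", $1 }
         END { printf "\n" }'
}

# Constructed arp-scan output used as sample input (not a real capture).
SAMPLE='Interface: wlan0, type: EN10MB, MAC: b8:27:eb:00:00:01, IPv4: 192.168.4.1
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.4.10    dc:a6:32:00:00:02    Raspberry Pi Trading Ltd
192.168.4.23    3c:22:fb:00:00:03    Apple, Inc.

3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 256 hosts scanned in 2.061 seconds (124.21 hosts/sec). 2 responded'

# Live run on the Pi (arp-scan needs root for raw sockets, hence sudo):
#   sudo arp-scan --interface="$IFACE" --localnet | hosts_from_arpscan
# Here the constructed sample stands in for the live output.
HOSTS=$(printf '%s\n' "$SAMPLE" | hosts_from_arpscan)
echo "Discovered hosts on $IFACE:"
printf '%s\n' "$HOSTS"
echo "Next step:"
printf '%s\n' "$HOSTS" | nmap_command
```

Run it as a script on the Pi and it prints the two discovered addresses followed by the nmap command to copy into the terminal; swap the sample for the commented live arp-scan pipeline once the class is on the lab network.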
Hackers are commonly grouped into three types: whitehat, greyhat and blackhat. Stress to the students that whitehats have explicit permission from the target (an organisation) and follow the scope agreed between the whitehat and the target. There are many employment opportunities within the cyber security market, including penetration testers (ethical hackers), who simulate an attack on the target to illustrate issues and suggest improvements, and analysts, who constantly monitor an organisation's traffic looking for issues and liaise with clients to inform them of problems. More jobs are being created all the time, and information security is becoming an increasingly lucrative and worthwhile field to work in. The major difference between whitehats and greyhats/blackhats is permission: whitehats have explicit permission, whereas greyhats and blackhats do not, and blackhats have more nefarious reasons for their activity. Blackhats are generally regarded as criminals because their activities include stealing data and funding criminal activity, and they often have connections to organised crime.
The Rogue AP is a form of Man-in-the-Middle (MITM) attack: the attacker controls the access point, so every packet a victim sends or receives passes through a device the attacker owns. Any traffic that is not encrypted (plain HTTP pages, DNS lookups) is visible in plaintext and can be changed on the fly to show the victim a different page. It can be argued that any "free Wi-Fi" is compromised in this way, since a café or restaurant can see its customers' plaintext traffic in exactly the same way, and even for encrypted (HTTPS) connections the operator still sees which sites are visited. It is very important that if "free Wi-Fi" is used, no personal data is entered and no sensitive sites such as online banking are accessed, as this could easily compromise the individual in many ways.
On a compromised Wi-Fi, even websites that are meant to be accessed over "https" can be stripped to "http", allowing the attacker to read the data. The attack works when the victim's first request to a site goes out unencrypted (for example by typing the address without "https://") and the attacker rewrites the site's "https" links as "http" before they reach the victim; sites that send the HTTP Strict Transport Security (HSTS) header, and browsers that remember it from an earlier visit, refuse to fall back to plain "http" and so defeat it. The main way for a user to counter issues like this is a Virtual Private Network (VPN), which encrypts all traffic between the device and the VPN provider so that it is protected even on a compromised Wi-Fi; note that this moves the trust from the Wi-Fi operator to the VPN provider, who can now see the same traffic the Wi-Fi operator could.
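The rogue AP and the plaintext exposure described in the two paragraphs above, as an added shell example written for this worksheet (it is not the project's own code). It generates the hostapd, dnsmasq and forwarding configuration that makes a Raspberry Pi an open access point with the Pi as the clients' gateway and DNS server, prints the tcpdump filter that shows the plaintext traffic, and includes a small check for the HSTS header that blocks the "https"-to-"http" stripping. The interface names wlan0 (AP side) and eth0 (uplink), the SSID, the 10.99.0.0/24 address range and the two sets of response headers are assumptions; the headers are constructed, not captured from any real site.

```shell
#!/bin/sh
# Added example (not from the original worksheet): generate the configuration
# for an open rogue AP on a Raspberry Pi and show the capture filter that
# reveals plaintext traffic. Assumes hostapd, dnsmasq, iptables and tcpdump are
# installed, the Pi's Wi-Fi is wlan0 (the AP side) and eth0 is the uplink;
# the SSID and addresses below are invented for the exercise.
set -eu

AP_IFACE="${AP_IFACE:-wlan0}"
UPLINK="${UPLINK:-eth0}"
SSID="${SSID:-Free_Cafe_WiFi}"
AP_NET="10.99.0"

# hostapd: an open (wpa=0) 2.4 GHz network, which is what "free Wi-Fi" usually is.
hostapd_conf() {
    cat <<EOF
interface=$AP_IFACE
driver=nl80211
ssid=$SSID
hw_mode=g
channel=6
auth_algs=1
wpa=0
EOF
}

# dnsmasq: hand out addresses and make the Pi the clients' DNS server, so every
# lookup (and therefore every site name a victim visits) passes through it.
dnsmasq_conf() {
    cat <<EOF
interface=$AP_IFACE
bind-interfaces
dhcp-range=$AP_NET.10,$AP_NET.100,255.255.255.0,12h
dhcp-option=option:router,$AP_NET.1
dhcp-option=option:dns-server,$AP_NET.1
log-queries
EOF
}

# Commands that make the Pi the clients' gateway (NAT out of the uplink).
# Printed rather than executed, so the script is safe to run anywhere.
forwarding_cmds() {
    cat <<EOF
sudo ip addr add $AP_NET.1/24 dev $AP_IFACE
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o $UPLINK -j MASQUERADE
sudo iptables -A FORWARD -i $AP_IFACE -o $UPLINK -j ACCEPT
sudo iptables -A FORWARD -i $UPLINK -o $AP_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Capture filter for the demonstration: plain HTTP (port 80) and DNS (port 53)
# are readable on the wire; -A prints the payload as ASCII.
capture_cmd() {
    echo "sudo tcpdump -i $AP_IFACE -A -n 'port 80 or port 53'"
}

# Reads an HTTP response header block on stdin and succeeds (exit 0) if it
# carries Strict-Transport-Security, the header that tells a browser never to
# fall back to http:// for that site on later visits.
has_hsts() {
    grep -qi '^strict-transport-security:'
}

OUT="${OUT_DIR:-$(mktemp -d)}"
hostapd_conf    > "$OUT/hostapd.conf"
dnsmasq_conf    > "$OUT/dnsmasq.conf"
forwarding_cmds > "$OUT/forwarding.sh"
echo "Configuration written to $OUT; on the Pi, run forwarding.sh, then:"
echo "  sudo dnsmasq -C $OUT/dnsmasq.conf && sudo hostapd $OUT/hostapd.conf"
echo "Watch the plaintext traffic with:"
capture_cmd

# Constructed response headers (not from any real server) for the HSTS check.
BANK_HDRS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/html'
SHOP_HDRS='HTTP/1.1 200 OK
Content-Type: text/html'
printf '%s\n' "$BANK_HDRS" | has_hsts && echo "bank: HSTS sent, a returning browser will refuse plain http"
printf '%s\n' "$SHOP_HDRS" | has_hsts || echo "shop: no HSTS, an http:// first visit can be held on http"
```

Clients that join the SSID get an address from the Pi, route through it and resolve names through it, so the tcpdump window shows their DNS queries and any plain-HTTP page contents as they happen, while HTTPS sessions appear only as encrypted bytes to port 443. The HSTS check shows why stripping fails against some sites: HSTS only helps once the browser has already seen the header (or the site is in the browser's preload list), which is exactly why the first visit over an untrusted network matters.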
Suggested Year Group
This project is designed to be completed by students aged 14 and over. It supports the A Level Computer Science qualification, as it covers operating systems, data security and the social, ethical and moral implications of technology.
1. Stress the explicit nature of the disclaimer on the student worksheet;
2. Instruct the students about Raspbian;
3. Introduce the nature of "ethical hacking" to the students;
4. Introduce the concept of MITM attacks.
Component Number (Peli Case)
(Base) 4 & 5
(Level 1) 6
(Level 1) 3
(Level 1) 3
(Level 1) 3
(Level 1) 5
(Level 1) 1
Component Number (Box Case)
Raspberry Pi + Case
Raspbian SD Card
Power Supply Unit