Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: What and where credentials are logged when you connect to a network?

  1. #1
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    4

    Default What and where credentials are logged when you connect to a network?

    Hello all,

    I am not new to Backtrack, only new to the new forum. I have been pentesting my own network here at my office.

    I am just curious, if someone else is using Backtrack (or any other OS) and is penetration testing my network, how could they be logged? My first thought was their MAC address in my router... good idea, right? unless someone knows how to use macchanger! Seems to me like if someone did that, broke my wpa key and got on my network I could never track them, other than trying to sniff credentials from input on sites they visited... Even then, that's only if I'm able to use ettercap or some other MITM monitoring software.

    I'm not just real worried about it but now that I am involved in this site and I see how easy it is, one can only wonder...


    Thanks!

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: What and where credentials are logged when you connect to a network?

    So let me get this straight. You have just downloaded BT and are playing around a bit at work and are wondering if someone can discover what you are doing, or if there is a way to keep people from finding out?
    That's what it sounds like you are asking .

  3. #3
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    12

    Default Re: What and where credentials are logged when you connect to a network?

    If you are worried about people "cracking your WPA" key on your office network then a couple of suggestions i) investigate a WPA Enterprise solution ii) if this is not viable pick a long password with lots of punctuations and don't use dictionary words. Granted your users might still share the key so see option 1.

    In terms of seeing unauthorised activity on your network - there is a whole cottage industry in intrusion detection, google IDS.

  4. #4
    Member whitelisted's Avatar
    Join Date
    Feb 2010
    Posts
    72

    Default Re: What and where credentials are logged when you connect to a network?

    Quote Originally Posted by flawl3ss View Post
    Hello all,

    I am not new to Backtrack, only new to the new forum. I have been pentesting my own network here at my office.

    I am just curious, if someone else is using Backtrack (or any other OS) and is penetration testing my network, how could they be logged? My first thought was their MAC address in my router... good idea, right? unless someone knows how to use macchanger! Seems to me like if someone did that, broke my wpa key and got on my network I could never track them, other than trying to sniff credentials from input on sites they visited... Even then, that's only if I'm able to use ettercap or some other MITM monitoring software.

    I'm not just real worried about it but now that I am involved in this site and I see how easy it is, one can only wonder...

    Thanks!
    Intrusion prevention systems are the first answer that spring to mind.

    I have emboldened the only section of your post that hints that you're talking about a wireless network, not a wired one. This is very important information, and you should have specified that right at the beginning of your post if you wanted to get a useful answer from anyone.

    If this is a business network, you should consider upgrading to WPA2 Enterprise.

  5. #5
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    4

    Default Re: What and where credentials are logged when you connect to a network?

    Quote Originally Posted by Archangel.Amael View Post
    So let me get this straight. You have just downloaded BT and are playing around a bit at work and are wondering if someone can discover what you are doing, or if there is a way to keep people from finding out?
    That's what it sounds like you are asking .
    I am the only one that would discover what I am doing... I am THE network admin here at work. If I wanted to access my server, I'd simply login to it.
    To sum up: what I am asking is exactly what I asked in the first post of this thread.
    My server contains very confidential info, and I wanted to know if there was a way to detect someone unauthorized on my network (wired or wireless.) I was simply stating that I am worried because I see now, how easy it is to exploit a system.

    Forgive me for not bowing down..

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: What and where credentials are logged when you connect to a network?

    Quote Originally Posted by flawl3ss View Post
    I am the only one that would discover what I am doing... I am THE network admin here at work. If I wanted to access my server, I'd simply login to it.
    To sum up: what I am asking is exactly what I asked in the first post of this thread.
    My server contains very confidential info, and I wanted to know if there was a way to detect someone unauthorized on my network (wired or wireless.) I was simply stating that I am worried because I see now, how easy it is to exploit a system.

    Forgive me for not bowing down..

    I will forgive your ignorant first post, since it is you that asked a question that raised suspicion.
    I will also do you one better.
    google intrusion detection systems, and start reading. There is tons of material around.

  7. #7
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    Arizona
    Posts
    15

    Default Re: What and where credentials are logged when you connect to a network?

    Hello,

    If you're worried about someone accessing resources on your network;

    assuming you work within a windows framework, enable/change your "audit policy" (mmc, secpol.msc, audit policy, etc...) enable all attributes for audit, and you'll be able to log all IP's that access resources within that machine (or domain, if you change the audit policy -forest/domain wide...)

    ...as some have suggested, don't use WPA PSK... it's not much setup to rock 802.1x (EAP-TLS) certificate based crypto

    install a protocol analyzer on the box in question, log all traffic to/from core resource, review your logs...

    some have suggested IDS, IPS opposed to IDS is the way to go, but if you're after a free solution (software based) IDS might be more appropriate.

    best,

    J

  8. #8
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    4

    Default Re: What and where credentials are logged when you connect to a network?

    Thanks for the input fellas i'll check up on IDS, all I really needed was a kick in the right direction.
    Last edited by lupin; 03-31-2010 at 10:14 AM. Reason: You know why I have edited this OP...

  9. #9
    Junior Member roybatty's Avatar
    Join Date
    Jan 2010
    Location
    Tannhauser Gate
    Posts
    55

    Default Re: What and where credentials are logged when you connect to a network?

    Quote Originally Posted by flawl3ss View Post
    My server contains very confidential info, and I wanted to know if there was a way to detect someone unauthorized on my network (wired or wireless.)
    Short answer: yes, multiple ways. From arpwatch to IPS/IDS systems.
    I've seen things you people wouldn't believe.

  10. #10
    Junior Member
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    79

    Default Re: What and where credentials are logged when you connect to a network?

    As said before IDS's and maybe have a list of clients connected that you can consult to find intruders. Also beefing up security isn't a bad idea either.

Page 1 of 2 12 LastLast

Similar Threads

  1. How do i connect to 802.1x in BT?
    By bQnne in forum Beginners Forum
    Replies: 5
    Last Post: 03-17-2010, 02:19 AM
  2. How to connect to WEP 802.1x network?
    By bQnne in forum Beginners Forum
    Replies: 1
    Last Post: 03-01-2010, 05:10 PM
  3. Connect to Internet
    By aamir99 in forum Beginners Forum
    Replies: 2
    Last Post: 02-11-2010, 08:57 PM
  4. Can't connect to wifi
    By doligal in forum Beginners Forum
    Replies: 5
    Last Post: 02-10-2010, 10:33 AM
  5. Firefox starting when logged in
    By MarkW7 in forum Beginners Forum
    Replies: 2
    Last Post: 01-31-2010, 08:29 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •