
General Security Concepts: Access Control, Authentication, and Auditing • Chapter 1  15


                  EXERCISE 1.02


                  DEMONSTRATING THE PRESENCE OF CLEARTEXT PASSWORDS
                      One of the operations performed in security monitoring and analysis is
                      packet sniffing—the analysis of network traffic and packets being
                      transmitted to and from the equipment. This involves using appropriate
                      software to intercept, track, and analyze the packets being sent over the
                      network. In this exercise, you are going to do some packet sniffing and
                      detection work. The steps you use will give you the opportunity to
                      experience first-hand what has been discussed so far about authentication.
                      Analysis of the traffic on your network provides you with the
                      opportunity to detect unwanted and unauthorized services, equipment, and
                      invaders in your network.
                         Many products exist that allow you to analyze the traffic on your
                      network. A number of these are proprietary. For example, Microsoft
                      provides Network Monitor on Windows-based server products for use by
                      administrators and server operators to examine network traffic to and
                      from individual machines.
                         A higher-powered version is available in other Microsoft products,
                      including System Management Server (SMS) v. 2003 R2. (SMS is now at
                      version 3.0.)
                         Products are also available from other vendors, such as Fluke
                      Networks and Agilent (its Advisor product).
                         Best of all, there are free products. To try this exercise, use any of
                      the above products or one of the following:

                         ■   ettercap http://ettercap.sourceforge.net/
                         ■   Wireshark www.wireshark.org

                         This exercise is described using the free tool, Ettercap. Let’s get
                      started by verifying the presence of cleartext passwords that are sent on
                      networks daily.
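
What a monitoring check for this condition can look like, as an added example that is not part of the original exercise or of Ettercap: it audits POP3 client commands already reassembled from a capture and reports which clients logged in with a readable USER/PASS pair, masking the password in its output. The addresses, user names and secrets are constructed sample data; STLS (RFC 2595) and APOP (RFC 1939) are the standard alternatives it distinguishes.

```python
# Added example: audit reassembled POP3 client commands for cleartext logins.
# All addresses, user names and secrets below are constructed sample data.
SESSIONS = {
    "192.0.2.10": ["USER alice", "PASS example-secret", "STAT", "QUIT"],
    "192.0.2.11": ["CAPA", "STLS"],  # after STLS a sniffer sees only TLS records
    "192.0.2.12": ["APOP bob 0123456789abcdef0123456789abcdef", "QUIT"],
    "192.0.2.13": ["CAPA", "QUIT"],
}


def redact(line):
    """Return the command with any PASS argument masked, safe for a report."""
    verb, _, _ = line.strip().partition(" ")
    if verb.upper() == "PASS":
        return "PASS " + "*" * 8
    return line.strip()


def audit_session(commands):
    """Classify how the client authenticated; never stores the password."""
    user = None
    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "STLS":      # RFC 2595: upgrade to TLS before logging in
            return {"finding": "tls-upgrade", "user": None}
        if verb == "APOP":      # RFC 1939: MD5 digest sent instead of password
            return {"finding": "apop-digest", "user": arg.split(" ")[0]}
        if verb == "USER":
            user = arg
        elif verb == "PASS":    # password crossed the wire readable
            return {"finding": "cleartext-password", "user": user}
    return {"finding": "no-login-seen", "user": user}


def cleartext_clients(sessions):
    """Client addresses that need a move to STLS or POP3 over TLS."""
    return sorted(ip for ip, cmds in sessions.items()
                  if audit_session(cmds)["finding"] == "cleartext-password")


if __name__ == "__main__":
    for ip, cmds in SESSIONS.items():
        print(ip, audit_session(cmds), [redact(c) for c in cmds])
```
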
                         Perform the following steps to set up for the exercise.
                         1. Download and install your tool of choice. Note that Ettercap and
                             Ethereal are available for most platforms.
                         2. Find and note the following information: your POP3 server’s fully
                             qualified domain name (FQDN) or Internet Protocol (IP) address,







                                                                              www.syngress.com