A number of other tools are available for Mac OS X and Unix systems that can be used against your network, or to help protect it. Much of this software uses sniffing and portscanning as a means of gathering information, but rather than leaving it up to you to interpret the results, it provides highly specialized reporting features to simplify analysis. Rounding out this chapter, we'll take a look at a few of these packages so that you can have the best tools for defense, or at least see what crackers will be using against you.
The advent of wireless networks and their inherent security risks (networks generally left open, weak or easily cracked encryption, and so on) has inspired a new hacking sport, "wardriving." Wardriving involves packing your wireless laptop into your car, then driving around town while it scans for open wireless access points. There are a number of Windows and Linux applications for this purpose, but the Mac has been lacking until recently.
The application KisMAC (http://www.binaervarianz.de/projekte/programmieren/kismac/) provides wireless sniffing capabilities and can identify access points, clients, and hardware manufacturers, and can even recover WEP keys. KisMAC's network status and client identification display is shown in Figure 7.6.
To determine the amount of activity on a network (that is, whether it's worth your time to watch), KisMAC even provides usage graphing under a separate tab, as shown in Figure 7.7.
Unless a wireless network uses additional authentication or security beyond the 802.11b standard, it is at risk from tools such as KisMAC.
Folks in search of something a bit less flashy may be interested in Mac Stumbler, http://www.macstumbler.com/, a competing (and also free) wireless sniffer.
As was mentioned earlier, performing a portscan and then cross-referencing the information returned with known attacks for the given platform provides a good starting point for any attack. Couple that with the ability to check service ports for specific information and you've got a tool that can identify open services, the risks they present, and the exploits that could affect them.
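The scanner workflow just described (portscan the host, read the service banners, cross-reference what comes back against a list of known problems) reduces to a small matching step once the scan data is in hand. The following Python script is an added example and is not code from this book, from MacAnalysis or from Nessus: it parses constructed nmap-style service/version lines and compares each reported version against a constructed advisory table. The hosts, banners, version numbers and "ADV-PLACEHOLDER" identifiers are all made up for illustration; a real audit would feed in actual scan output and a maintained advisory feed in place of the inline table.

```python
"""Cross-reference service/version scan results with an advisory table.

Added example, not code from the book or from MacAnalysis/Nessus.  Every
scan line and advisory entry below is constructed; the advisory IDs are
placeholders, not real CVE or BugTraq numbers.
"""
import re
from dataclasses import dataclass

# Constructed scan output in nmap -sV style: "port/proto state service version".
SCAN_OUTPUT = """\
# host: 10.0.0.5
22/tcp   open  ssh          OpenSSH 3.4p1
80/tcp   open  http         Apache httpd 1.3.26
139/tcp  open  netbios-ssn  Samba smbd 2.2.5
548/tcp  open  afp
# host: 10.0.0.9
22/tcp   open  ssh          OpenSSH 3.6.1p2
80/tcp   open  http         Apache httpd 2.0.44
"""

# Constructed advisory table.  "branch" restricts an entry to one release
# line (empty tuple = all versions); anything below "fixed" is flagged.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "service": "ssh", "product": r"OpenSSH\s+(\S+)",
     "branch": (), "fixed": "3.5", "note": "upgrade OpenSSH"},
    {"id": "ADV-PLACEHOLDER-2", "service": "http", "product": r"Apache httpd\s+(\S+)",
     "branch": (1, 3), "fixed": "1.3.27", "note": "upgrade Apache 1.3.x"},
    {"id": "ADV-PLACEHOLDER-3", "service": "netbios-ssn", "product": r"Samba smbd\s+(\S+)",
     "branch": (2, 2), "fixed": "2.2.8", "note": "upgrade Samba 2.2.x"},
]


@dataclass
class Service:
    host: str
    port: int
    proto: str
    name: str
    banner: str  # empty string when the scan reported no version


def parse_version(text):
    """Leading dotted numeric part as a tuple: '3.4p1' -> (3, 4); None if absent."""
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    return tuple(int(x) for x in m.group(1).split(".")) if m else None


def parse_scan(text):
    """Turn the scan listing into Service records; only open ports are kept."""
    services, host = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^#\s*host:\s*(\S+)", line)
        if m:
            host = m.group(1)
            continue
        m = re.match(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$", line)
        if not m or host is None:
            continue  # blank or unrecognised line
        port, proto, state, name, banner = m.groups()
        if state == "open":
            services.append(Service(host, int(port), proto, name, (banner or "").strip()))
    return services


def cross_reference(services, advisories):
    """Match each service against the table; report unknown versions explicitly."""
    findings = []
    for svc in services:
        base = {"host": svc.host, "port": svc.port, "service": svc.name,
                "version": svc.banner, "advisory": None}
        if not svc.banner:
            # A service with no banner is not "safe"; it is unverified.
            findings.append({**base, "status": "unknown",
                             "detail": "no version banner; verify manually"})
            continue
        for adv in advisories:
            if adv["service"] != svc.name:
                continue
            m = re.search(adv["product"], svc.banner)
            ver = parse_version(m.group(1)) if m else None
            if ver is None or ver[:len(adv["branch"])] != adv["branch"]:
                continue  # different product or a release line the advisory does not cover
            if ver < parse_version(adv["fixed"]):
                findings.append({**base, "status": "vulnerable", "version": m.group(1),
                                 "advisory": adv["id"], "detail": adv["note"]})
    return findings


def format_report(findings):
    return "\n".join(f"{f['host']}:{f['port']} {f['service']} {f['version'] or '-'} "
                     f"[{f['status']}] {f['advisory'] or ''} {f['detail']}" for f in findings)


if __name__ == "__main__":
    print(format_report(cross_reference(parse_scan(SCAN_OUTPUT), ADVISORIES)))
```

Two details matter more than the matching itself: an advisory for the Apache 1.3 line must not fire on 2.0.44, so each entry carries the release branch it covers, and a service that returned no banner (the afp port above) is reported as unverified rather than silently passed as clean.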
Security scanners are a popular tool for administrators to audit the security of their network. A scanner can pull together in a few minutes information that would take an administrator hours to gather by hand with NMAP and a few online security references. Although a number of Unix tools perform this function, few combine the ability to trace connections visually, watch Internet traffic, detect DoS attacks, perform brute-force password attacks, and so on. The software MacAnalysis (http://www.macanalysis.com/about.php3) does exactly this, and more.
Pulling together more than 1300 exploits and dozens of network tools, the $50 MacAnalysis, shown in Figure 7.8, is an excellent investment for administrators of open networks.
MacAnalysis can be used to configure your computer's firewall and uses industry-standard tools such as NMAP and Snort for portscans and intrusion detection. (These are wrapped within the MacAnalysis GUI; you'll never even know they're there.)
For an Open Source alternative, try Nessus (http://www.nessus.org/posix.html). Nessus features an up-to-date library of exploits, and can produce a security report for an entire network, along with potential fixes and BugTraq/CVE IDs.