Dr. Ali Jahangiri, the well known security expert and author of Live Hacking: The Ultimate Guide to Hacking Techniques & Countermeasures for Ethical Hackers & IT Security Experts, is pleased to announce the launch of the Live Hacking CD, a new Linux distribution designed for ethical hacking. The Live Hacking CD contains the tools and utilities you need to test and hack your own network but using the tools and techniques that more malicious hackers would use.

Download it here: http://www.livehacking.com/cd-dvd/download.htm

Read the full press release here: http://www.free-press-release-center.info

Hakin9 is a source of advanced, practical guidelines regarding the latest hacking methods as well as the ways of securing systems, networks and applications. I have provided a few recommended copies to download as pdf. Get them here.

Local wireless networks, which provide information to receive and send to the Internet, have become part of the houses and offices. Where as it is less expensive than wired networks and allows for roaming between the two offices to remain in contact with the electronic devices. But experts warn of the penetration it by the strangers or intruders in order to sabotage it.

According to views of the U.S. experts, unsecured homes networks can also be used by the neighbors in order to spam bots download unauthorized material on the rights of the songs and music, and even pornographic material without knowing the owner, which had led to legal proceedings. In particular, it is difficult to identify the person or organization that used the network. One person was detained when he stopped his car in front of a U.S. charitable organization and used its network to communicate with the Internet.

The offices of small businesses were opened that do not have secured internal networks to penetrate the large companies that make business with them; this also is applied to the home network. To overcome the problems the experts proposed to change the passwords on wireless networks from time to time and installation of cryptographic keys to the codes can be changed according to a regular basis. The radio signals can be adjusted so as not to fall outside the walls of the office.

Finally, the use of advanced software to scan wireless networks secures the development of local home and office computers “in the case of the shadows!”

Author: Shrif S Kassem
Article Source: EzineArticles.com
Provided by: Latest trends in mobile phone

Security testing  or assessment is a process to determine that an Information System adequately protects data and maintains intended functionality from the following points:

Confidentiality: A security measure which protects against the disclosure of information to parties other than the intended recipient(s). Often ensured by means of encoding, using a defined algorithm and some secret information known only to the originator of the information and the intended recipient(s) (a process known as cryptography) but that is by no means the only way of ensuring confidentiality.

Integrity: A measure intended to allow the receiver to determine that the information which it receives has not been altered in transit or by other than the originator of the information. Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check rather than encoding all of the communication.

Authentication: A measure designed to establish the validity of a transmission, message, or originator. It allows a receiver to have confidence that the information it receives originated from a specific known source.

Authorization: The process of determining that a requester is allowed to receive a service or perform an operation.

Availability: Assuring information and communications services will be ready for use when expected. Information must be kept available to authorized persons when they need it.

Non-repudiation: A measure intended to prevent the later denial that an action happened, or a communication took place, etc. In communication terms, this often involves the interchange of authentication information combined with some form of provable time stamp.

I’ve listed 100+ free and open source tools used in security testing here.

Backtrack is a linux-based penetration testing suite of tools  used by security professionals to perform assessments. Backtrack has been fully customized as a penetration testing tool.

BackTrack 4 (codenamed “pwnsauce”) includes a new kernel, a larger and expanded toolset repository, custom tools that you can only find on BackTrack, and more importantly, fixes to most major bugs that we knew of. You can install and use it as your primary operating system, run it as a live cd, from a usb drive, or as a virtual machine.

Some of the tools included in the suite are: Metasploit, Kismet, Autoscan, Nmap, Ettercap, Wireshark, etc. These tools can be used for network, system and wireless reconnaissance, enumeration and penetration.

I use the backtrack suite in teaching my ethical hacking class. It is a great tool for anyone interested in learning to perform security assessments.

Other suites with similar functionality can be found in a previous post.

As someone who works in an environment where I have access to networking and security equipment, I am more fortunate than most students in my classes who are trying to break into the networking and/or security fields but lack the necessary access to needed equipment to get the hands-on experience that is usually a prerequisite for employment. As I try to make my classes as practical as possible, one challenge I face is how to get my students as much hands-on access to real equipment as much as possible. There are limited number lab hours especially for students who have to work (most of my students are professional working adults).

This week, I am in a Cisco Security Faculty Development boot camp where college professors are trained on the Cisco CCNA curriculum and given tools with which to better present that information in their courses. We are using Cisco Packet Tracer version 5.2.1 which is a network simulation software that allows students to experiment with network configuration and behavior. As I’ve never used Packet Tracer before, I am very impressed with this tool. The ability to simulate local and wide area networks will be a great tool top better acquaint my students with networking and security equipment (atleast Cisco’s incarnation of them). I try to keep my classes as vendor independent as possible but as the underlying principles are essential the same, if you can configure one, you can figure out the other vendors.

VMware is also a great tool for training tool. It allows you to install/run different operating systems in software. Using VMware player or the free version of VMware server, I have my students practice with various linux operating systems or virtual appliances. See http://www.vmware.com/appliances/ for devices that have been ported to run as a virtual appliance.