Jump to content

Using Kali Linux to Test Home Network Security


vagabond_night
 Share

Recommended Posts

Hey everybody.

I am new to this forum but not new to Hak5 (love the show).

It has been some time since I played with Backtrack (now Kali Linux -- has it been that long for me? hah) and toyed with the basics using my home network as a guinea pig :-D

I live in an apartment complex and am starting to wonder if my home network might be the target of some tomfoolery...

Trying not to sound too paranoid here but I've been noticing more red flags lately.... it is probably nothing... but it is probably time for me to give the home network a health checkup :-)

I was just wondering if someone could point me in the right direction of which tools to use, where to start, etc. using the latest version of Kali

I know a good place to start is testing the security of my wifi encryption (TKIP & AES) and passphrase... but after this I am kind of stumped as to what else I should check for.

Thanks guys! Happy to be here. Hope to get to know some of you!

Cheers.

Link to comment
Share on other sites

Obvious things you probably already started with but:

- reset and update to latest firmware*

- change default password

- change wifi to WPA2 at a minimum

- enable administration over HTTPS only

- disable administration over wifi, use wired only

- disable remote administration, limiting only to your home network

- hard code something like OpenDNS in the router and your nodes at home to help prevent rebinding attacks(although not 100% full proof)

- disable SNMP, SSDP and uPnP

- disable tftp and all open ports such as telnet(port foward everything to a non existent internal address if need be)

- disable WPS pin code logins

- enable AP Isolation mode

- enable mac address filtering and if possible, use static addressing vs DHCP unless you have something like a TV or device you can't set statically, which I would then change the subnet mask to limit DHCP to small number of nodes and if capable, add DHCP reservations in the router settings

- enable SPI firewall if capable

* optional, if uber paranoid, limit administration to one wired node's statically assigned IP just don't lock yourself out

Then start testing against it with tools of your liking, reaver/wifite, external and internal port scanning(you'll need a server on the internet to run attacks from against your home IP), various wifi tools of your choosing(kali menu for radio/wireless attacks) and just work from there.

Edited by digip
Link to comment
Share on other sites

What are these red flags you are seeing?

I'd go with what digip is saying, harden first then worry about actually testing things. If you want to play with new technologies then have a look at Security Onion rather then Kali. SO is a prebuilt IDS distro which you can deploy to watch for bad things going on

Link to comment
Share on other sites

And reinstall the systems you distrust before hardening them, as not doing so would sort-of defeat the purpose.

Cooper hit on something as well, whatever you may be seeing from your workstations, may be them that are compromised and not the network gateway. Vet all your machines as well.
Link to comment
Share on other sites

Obvious things you probably already started with but:

- reset and update to latest firmware*

- change default password

- change wifi to WPA2 at a minimum

- enable administration over HTTPS only

- disable administration over wifi, use wired only

- disable remote administration, limiting only to your home network

- hard code something like OpenDNS in the router and your nodes at home to help prevent rebinding attacks(although not 100% full proof)

- disable SNMP, SSDP and uPnP

- disable tftp and all open ports such as telnet(port foward everything to a non existent internal address if need be)

- disable WPS pin code logins

- enable AP Isolation mode

- enable mac address filtering and if possible, use static addressing vs DHCP unless you have something like a TV or device you can't set statically, which I would then change the subnet mask to limit DHCP to small number of nodes and if capable, add DHCP reservations in the router settings

- enable SPI firewall if capable

* optional, if uber paranoid, limit administration to one wired node's statically assigned IP just don't lock yourself out

Then start testing against it with tools of your liking, reaver/wifite, external and internal port scanning(you'll need a server on the internet to run attacks from against your home IP), various wifi tools of your choosing(kali menu for radio/wireless attacks) and just work from there.

Oh wow, I barely expected a reply... so it was so nice to get these replies from each one of you. Many thanks!

Great tips thank you - I have read up on a few of these... some I have no clue where to configure these but I don't mind googling for the info.

Link to comment
Share on other sites

So, you know when you see that yellow warning sign saying that this cert is not valid? I have noticed this once or twice in the past few months - one warning was when visiting Gmail and the other I do not remember exactly - but I do remember making note of it.

Other times it is just a vague warning that there are duplicate IPs on the same network and then I will have to reboot the router until given a new IP. Am I being paranoid here then? Perhaps this is merely a dhcp issue?

Other times I have looked at graphs and found that there was a startling amount of bandwidth coming and going from our network. I once joked that it was just a botnet doing its thing ;-)

We are pretty careful around here and don't go to any questionable sites, we don't do torrenting on the work machines, and we keep up to date with Kaspersky Internet Security. We also use DD-WRT with the latest firmware.

It is probably me paranoia. Obviously I find more issues when I am using the home wifi.

....

What are these red flags you are seeing?

I'd go with what digip is saying, harden first then worry about actually testing things. If you want to play with new technologies then have a look at Security Onion rather then Kali. SO is a prebuilt IDS distro which you can deploy to watch for bad things going on

Link to comment
Share on other sites

What are these red flags you are seeing?

I'd go with what digip is saying, harden first then worry about actually testing things. If you want to play with new technologies then have a look at Security Onion rather then Kali. SO is a prebuilt IDS distro which you can deploy to watch for bad things going on

Thank you so much for the Security Onion recommendation! I am watching a review on the OS and Snorby looks great - that alone will be a big help in improving network security.

Cheers for that!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...