TestOut Ch 13 Activities
13.1.14 Locate a Rogue Wireless Access Point

You are the IT security administrator for a small corporate network. To achieve Payment Card Industry Data Security Standard (PCI DSS) certification, you are required to scan for rogue access points quarterly.

In this lab, your task is to scan for rogue wireless access points using Terminal as follows:
- Use airmon-ng to discover and enable the onboard wireless adapter.
- Use airodump-ng to scan for wireless access points.
- Answer the questions.
1. From the Favorites bar, open Terminal.
2. At the prompt, type airmon-ng and press Enter to view and find the name of the wireless adapter.
3. Type airmon-ng start wlp1s0 and press Enter to put the adapter in monitor mode.
4. Type airmon-ng and press Enter to view the new name of the wireless adapter.
5. Type airodump-ng wlp1s0mon and press Enter to scan for wireless access points.
6. After a few seconds, press Ctrl + c to stop the scan.
7. In the top right, select Answer Questions.
8. Answer the questions.
9. Select Score Lab.

Questions:
1. What is most likely the ESSID of the rogue access point? CoffeeShop
2. What is the signal power of the rogue access point? -90
3. What is the frequency channel used by the rogue access point? 11
13.2.4 Discover Bluetooth Devices

You are the IT security administrator for a small corporate network. To protect your Bluetooth devices from hackers, you need to discover which Bluetooth devices are running in your company and gather information on each.

In this lab, your task is to scan for Bluetooth devices using Terminal as follows:
- Use hciconfig to discover and enable the onboard Bluetooth adapter.
- Use hcitool to scan for Bluetooth devices and find the class ID.
- Use l2ping to determine if the Bluetooth device is alive and within range.
- Use sdptool to query Philip's Dell Laptop to determine the Bluetooth services available on the device.
- Answer the question.
1. From the Favorites bar, open Terminal.
2. At the prompt, type hciconfig and press Enter to view the onboard Bluetooth adapter.
3. Type hciconfig hci0 up and press Enter to initialize the adapter.
4. Type hciconfig and press Enter to verify that the adapter is up and running.
5. Type hcitool scan and press Enter to view the detected Bluetooth devices and their MAC addresses.
6. Type l2ping MAC address and press Enter to determine if the Bluetooth device is in range.
7. Press Ctrl + c to stop the ping process.
8. Repeat steps 6-7 for each device.
9. Type sdptool browse B0:52:23:92:EF:CC and press Enter to view the details for Philip's Dell Laptop.
10. Type hcitool inq and press Enter to determine the clock offset and class for each device.
11. In the top left, select Answer Questions.
12. Select the correct answer.
13. Select Score Lab.

Question:
1. Using the MAC address, what is the class ID number for Joanna's Braven speaker? 0x240404
13.1.9 Discover a Hidden Network

You are a cybersecurity consultant. The company hiring you suspects that employees are connecting to a rogue access point (AP). You need to find the name of the hidden rogue AP so it can be deauthorized. The computer suspected of using the rogue access point is Exec-Laptop.

In this lab, your task is to complete the following:
- On IT-Laptop, use airmon-ng to put the wireless adapter in monitor mode.
- Use airodump-ng to find the hidden access point.
- On Exec-Laptop, connect to the rogue AP using the CoffeeShop SSID.
- Answer the question.
1. On IT-Laptop, configure the wlp1s0 card to run in monitor mode as follows:
   a. From the Favorites bar, open Terminal.
   b. At the prompt, type airmon-ng and press Enter to find the name of the wireless adapter.
   c. Type airmon-ng start wlp1s0 and press Enter to put the adapter in monitor mode.
   d. Type airmon-ng and press Enter to view the new name of the wireless adapter.
2. Use airodump-ng to discover and isolate the hidden access point as follows:
   a. Type airodump-ng wlp1s0mon and press Enter to discover all of the access points.
   b. Press Ctrl + c to stop airodump-ng.
   c. Find the hidden access point ESSID <length : 0>.
   d. In the top right, select Answer Questions.
   e. Answer the question.
   f. In Terminal, type airodump-ng wlp1s0mon --bssid bssid_number and press Enter to isolate the hidden access point.
3. Switch to the Exec-Laptop and connect to the Wi-Fi network as follows:
   a. From the top navigation tabs, select Floor 1 Overview.
   b. Under Executive Office, select Exec-Laptop.
   c. From the notification area, select the Wi-Fi network icon.
   d. Select Hidden Network.
   e. Select Connect.
   f. In the Enter the name (SSID) for the network field, type CoffeeShop.
      In a real environment, you'll only need to wait until the employee connects to the rogue access point again.
   g. Select Next.
   h. Select Yes.
   i. Under Lab Questions, select Score Lab.

Question:
1. What is the BSSID of the rogue access point? 00:00:1B:11:22:33
13.3.6 Secure a Mobile Device

You are the IT administrator for a small corporate network. The receptionist, Maggie Brown, uses an iPad to manage employee schedules and messages. You need to help her make the iPad more secure. The current simple passcode is 1542.

In this lab, your task is to:
- Set a secure passcode on the iPad as follows:
   >> Require a passcode: After 5 minutes
   >> New passcode: KeepOutOfMyPad
- Configure the iPad to erase data after 10 failed passcode attempts.
1. Set a secure passcode on the iPad as follows:
   a. Select Settings.
   b. From the left menu, select Touch ID & Passcode.
   c. Enter 1542 for the passcode.
   d. Select Require Passcode.
   e. Select After 5 minutes.
   f. At the top, select Passcode Lock.
   g. Next to Simple Passcode, slide the switch to turn off simple passcodes.
   h. Enter 1542 for the passcode.
   i. Enter KeepOutOfMyPad as the new passcode.
   j. Select Next.
   k. Enter KeepOutOfMyPad to re-enter the new passcode.
   l. Select Done.
2. Configure the iPad to erase data after 10 failed passcode attempts as follows:
   a. On the Touch ID & Passcode page next to Erase Data, slide the switch to enable Erase Data.
   b. Select Enable.
13.1.13 Discover a Rogue DHCP Server

You are the IT security administrator for a small corporate network. Several of your users have reported that they are unable to connect to the network. After examining their computers, they all seem to be getting bad IP address information from a rogue DHCP server.

In this lab, your task is to identify the rogue DHCP server using Wireshark:
- Use Wireshark to capture and filter DHCP traffic.
- Disable and enable the enp2s0 network interface to request a new IP address from the DHCP server.
- Find the rogue DHCP server.
- Answer the questions.
1. Use Wireshark to capture and filter DHCP traffic as follows:
   a. From the Favorites bar, select Wireshark.
   b. Under Capture, select enp2s0.
   c. Select the blue fin to begin a Wireshark capture.
   d. In the Apply a display filter field, type bootp and press Enter.
2. Disable and enable the enp2s0 network interface as follows:
   a. From the Favorites bar, select Terminal.
   b. At the prompt, type ip addr show and press Enter to view the current IP configuration.
   c. Type ip link set enp2s0 down and press Enter.
   d. Type ip link set enp2s0 up and press Enter to enable the interface and request an IP address from the DHCP server.
3. Maximize the window for easier viewing.
4. In Wireshark, under the Source column, find the IP addresses of the rogue and legitimate DHCP servers that sent the DHCP Offer packets.
5. In the top right, select Answer Questions.
6. Answer the questions.
7. Select Score Lab.

Questions:
1. What is the IP address of the rogue DHCP server? 10.10.10.240
2. What is the IP address of the legitimate DHCP server? 192.168.0.14