
. .

-
-
2014
004
32.973.26-018.2
12

. .
12 . .: -, 2014.
240 .: . ( )
ISBN 978-5-9775-3314-0

, -
. -
. -
: , Wi-Fi-, MAC-, -
.
-
. , ,
.

.
, ,
Windows- (
Unix ),
: -
.

004
32.973.26-018.2

:

.




28.02.14.
70 1001/16. . . . . 19,35.
1500 .
"-", 191036, -, ., 20.
""
199034, -, 9 , 12/28

ISBN 978-5-9775-3314-0 . ., 2014


, "-", 2014

1. ARP-spoofing, ""
2.
3. - enable Cisco
4. MAC-
5. WPA2-PSK Wi-Fi-
6. Wi-Fi
7. IP-
8.
9.
10. ?
11.
12.
12.1. .
12.2.
12.3. ,
12.4.
12.5. ,
12.6. ""
12.7. VPN
12.8.
12.9. ,

. Wi-Fi- TP-LINK

.
. ,
, , ,
, , .
( ) : -
-
.
, -
. ,
! , , , -
-
, .
-
. , -
, -
, -
.
,
. - : ,
,
. ,
, .
, , -

. , -
, -
.
6

-
. !
, : " " (plug and play).
...
-
, -

Windows! , UNIX-
, , -
, .
: ,
( ,
), ( -
, " "), (
) -
, .
, , -
,
, ,
.
(. -
) (. ),
.
1


ARP-spoofing,


""

. , , -
.
-
,
.
, -
, ,
"", !
, : ! -
?!
-
(University of Indianapolis, http://is.uindy.edu/policies/password.php):

University of Indianapolis Password Policy

Introduction


Passwords are an important part of computer security. They are the first and sometimes
last line of defense against would-be criminals. A poorly chosen password or mishandled
password can result in a temporary denial of computer services, identity theft, theft of
university services and even financial loss. Appropriate password security is necessary
to protect the University's academic interactions, business and research.

This policy describes the requirements necessary for creating and maintaining password
security on all UIndy Accounts.

Policy Statement
All network devices and accounts must be secured with appropriate username and
passwords. Whenever possible, systems will use UIndy Accounts stored in a central
directory. All UIndy Accounts, including those used by faculty, staff, students, contractors
and partners of the University, must be properly secured using the methods described in
the following sections of this document.

Creating a Strong Password


The University of Indianapolis requires strong passwords on all UIndy Accounts. The
University defines strong passwords as passwords that will take a computer at least
6 months to try all possible combinations of the letters, numbers and special characters
contained in your password. The following are characteristics of a strong password:
• contains lower case and upper case letters (a-z and A-Z)
• contains numbers as well as letters
• contains special characters such as: !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
• is at least eight characters in length
• is not a word in any dictionary, English or other
• is not based on any bit of personal information: pet names, birth date, street names, etc
• is not based on anything to do with the University of Indianapolis, UIndy, Hounds, etc

Password Change Frequency


The University of Indianapolis requires all passwords to be changed every six months.
This reduces the likelihood of the password being discovered and reduces the length of
time a compromised account can be unknowingly used for criminal activity.

Password Storage
Choose passwords that are easy to remember so that it is not necessary to write it on
any piece of paper. A password that is written on a sticky note attached to the bottom of
the keyboard is as good as no password at all.

Password Confidentiality
Never tell another person your password. Your password should be kept completely
confidential. Supervisors, coworkers, friends and family should never know your password.
Likewise, it is inappropriate to ask another user for their password. If a person demands
your password, refer the person to this document and/or contact the Office of the Chief
Information Officer.

Periodic Scans
University of Indianapolis Information Systems will periodically employ password
cracking techniques to determine the effectiveness of this password policy. Any passwords
found to be weak during these scans will be immediately changed and the user notified.

Encryption
All University computer systems will store passwords in an encrypted form. As such, the
Information Systems Help Desk cannot see or retrieve a password, only assist users in
changing to a new password.

Compromised Accounts
If you suspect that a UIndy account has been compromised, report it to the Information
Systems Help Desk immediately. Accounts that have been compromised will
immediately have their password changed to prevent further losses.

: , -
,
.
, , :
.
-
:
...
4.1.1.
, (: ,
, Internet-).
4.1.2. ,
(, , -
), , .
...

. , -
"", .
, -
, ,
, "" .
: , -
(, , ). -
.
, , , !
10 1

( , -
) , :
, .
.
,
IP- 4, ARP-spoofing!
, ARP (Address Resolution Protocol, -
) IP-
, . . , , -
. -
MAC-.
, . ,
ARP- (ARP cache).
IP- -
, - .
, -
ARP (
, ARP, RARP reverse address resolution protocol, ).
ARP , ,
. , , -
:
, -
, :
1. , IP- -
.
2. , IP- -
.
, ( man-in-the-middle), , ,
.
. .
,
Windows (. 1.1).
,
. 1.2.

Cain & Abel ( ).
ARP-spoofing 11

, -

Winpcap.

!

. 1.1

. 1.2

(. 1.3).
Sniffer | Hosts, IP- MAC- -
,
192.168.0.102. Start\Stop Sniffer
(+) (. 1.4).
Sniffer | ARP ,
, .
Start\Stop Sniffer (+) -
(. 1.5).
, -
(. 1.6).
12 1

. 1.3

. 1.4
ARP-spoofing 13

. 1.5

. 1.6
14 1

. 1.7

, -
(. 1.7).
. , -
. ,
www.mail.ru,
babins@inbox.ru arptest. ,
http (. 1.8).

. 1.8
ARP-spoofing 15

. 1.9

, "" HTTP |
Password Sniffer Cain & Abel (. 1.9).
- -
,
POP3.
.
, , -
, HTTP
arptest (. 1.10).
, ,

.
: -
. ,
.
16 1

. 1.10

, ,

SSL, . . , , -
.
, , , ,
"" ( ) - -
,
. -
: , ""...
, ARP-spoofing
! ,
Iptools ( . (Erwan L.)). ,
, Cain & Abel,
, - . ,
.
-
,
. Wireshark (. 1.11,
http://www.wireshark.org).

,
( ),
, UNIX-, -
ARP-spoofing 17

. 1.11

.
.
! -
... ,
! ! , ?
"", "",
-

. 1.12
18 1

SIW (System Information for Windows), , ,


cookies-, ,
, ( ,
- -
) . 1.12.
: . . ,
, SIW ( ),
- ... , ,
, ?! , , !..
2

, ,
,
, -
. , : ipconfig, arp
.
,
. ,
, .
. , , , "",
" " -
. , , -
Wi-Fi- IP--
, DHCP-.
, ""
! -
.
, .
-
, . -
,
.
. -
. -
(. 2.1).
, IP-
192.168.1.54 (. 2.2).
20 2

. 2.1

. 2.2
21

. 2.3

. 2.4
22 2

,
. , MAC-
00-11-91-34-93-03.
, admin 1234
( ZyXEL) (. 2.3 3.4).
- , -
DHCP, ,
MAC- 00-11-91-34-93-03 (. 2.5).

. 2.5

Clear
- (. 2.6).
, , -
! IP-
(: ). , , . IP-
192.168.1.54 MAC-.
DHCP- (. 2.7).
MAC-, ,
.
IP-, DHCP-,
23

. 2.6

. 2.7
24 2

,
. ,
. .
,
, , ,
.
,
. , ,
, .
IP- 192.168.0.171 MAC-
0-60-56-69-2-76. (-
) 192.168.0.1 MAC- 74-EA-C2-E4-5A-3A, .
, . . , -
MAC- ARP , -
. ,
arp -a (. 2.8).

. 2.8

,
ARP. , -
: Ip Tools ( . (Erwan L.)).
-
, IP-
MAC- .
ARP- 192.168.0.0.
: Tools | ARP | ARP Scan/MAC to IP (. 2.9).
: (),
(192.168.0.100), (192.168.0.171).
25

. 2.9

IP Tools, ARP-, -
, MAC- 00-19-66-93-29-2B.
ARP- "Reply".
, MAC- (MAC DEST) FF-FF-FF-FF-FF-FF (. 2.10).
Start ,
, .
, ARP- -
, MAC- (. 2.11).
, -
.
, , -
, . -
, -
. ,
,
.
-
. , -
, , MAC-
( ), , "-
" , . : , -
, ,
- .
26 2

. 2.10

. 2.11
27


MAC- , -
. , ,
MAC-
.
, -
(. 2.12).

. 2.12

, -

-
, .
: , -
ARP, (
,
WINPCAP, ).
28 2
3

- enable
Cisco
, -
. , -
.
.
, "" .
.
, Windows , -
, , -
. -
HKLM\Setup. , -
,
.
Windows -
. -
.
, , -
, -
, -
. Windows - -
SAM (Security Accounts Manager).
UNIX- etc/shadow.

. . ,
, -, . -, -
, ,
30 3

. -
. , ,
, . -
, ,
- - ,
"", , -
.
- .
: John the Ripper, L0phtCrack, SAMinside, Ophcrack,
RainbowCrack, Md5 Crack Monster .
-
,
( ).
,
Cisco.
TFTP-
. ,
,
, ,
-. , , ,
enable . , -
, :
, . . , .
, .
. -
, ,
- , -
.
. -
GNS3 (http://www.gns3.net/)
Cisco ,
"", ,
enable, show running (. 3.1).
, -
enable, abc123. -
, , , -
. ( conf)
( enable secret abc123, -
. 3.2).
- enable Cisco 31

. 3.1

. 3.2
32 3

. 3.3

, show run (. 3.3).


- enable :
$1$VRu4$/Nw/GRY9WrNOfF40JbthA1
Cain & Abel,
Brute-Force Attack, . . (. 3.4).

. 3.4
- enable Cisco 33

. 3.5

- (. 3.5).
,
.
, Brute-Force .
6- 4 -
.
, , . ,
.
, Cain & Abel.
: Dictionary Attack! :
(), (
),
. .
, . -
, : Cisco Type-7, Cisco VPN Client,
34 3

VNC, , , Syskey. :
, RSA SecurID Token, WPA PSK.
Cain & Abel
Base64, ,
,
ASCII .
Base64.
, ,
GNS3. , -
!
- , --
( Cain & Abel). , -
GNS3
( ), -
.
, " " -
, -
, Cisco.
IOS (Internetwork Operating System -
Cisco). -
, -
IOS , IOS. -
, , . ,
. GNS3 -
, : Wireshark
Putty (. 3.6).
Putty -
, SSH.
, -
, Cisco.
, SSH (Secure Shell) ,
. , -
Telnet (
) . , ,
. SSH -
.
SSH SSH-1 SSH-2.
SSH-1
. Putty SSH
(. 3.7).
- enable Cisco 35

. 3.6

. 3.7
36 3

SSH- Tor, -
.
, SSH
,
. Windows, -
, freeSSHD (http://www.freesshd.com)
, telnet (. 3.8).

. 3.8

root, -
,
(. 3.9).
- (192.168.0.171) telnet -
Putty (. 3.10).
(. 3.11).
- enable Cisco 37

. 3.9

. 3.10
38 3

. 3.11

Wireshark (192.168.0.100)
: "" -
(192.168.0.171) , Edit Find Packet,
password (. 3.12 3.13).

. 3.12

, , telnet -
(. 3.14).
- enable Cisco 39

. 3.13

. 3.14

,
SSH (. 3.15).
(. 3.16).
password
, SSH
(. 3.17).
, -
UNIX-c
SSH,
Putty. .
40 3

. 3.15

. 3.16

. 3.17
4

MAC-

,
. ,
.
,
, ,
MAC-.
, -
- -
, , ,
. , , -
MAC- , -
. -
.
, -
, , . . -
.
, -
,
.
MAC- -
, -
. , ,
" MAC-
". , -
, -
, MAC-. -
42 4

, , , " -
"! .
, .
Wi-Fi-
MAC- A0-71-A9-9F-41-3A E0-B9-A5-2F-A8-75 (. 4.1).

. 4.1

MAC- (, -
, . . ),
74-EA-3A-E4-5A-C2
(. 4.2).
-
. ,
5322556250 (. 4.3).
, MAC-,
, , "-
" .
MAC- 43

. 4.2

, , "" -
. -
- Wi-Fi-.
, , CommView for WiFi.
. -

.
,

.
, ,
. . -
, , - -
. , , ,
. , ,
- , "" ,
. -
. , ,
"" .
44 4

. 4.3

, ?
, , :
1. CommView -
DriverMax
,
.
2. CommView. -
, .
3. DriverMax (. 4.4) -
.
, "" -
.
.
MAC- 45

. 4.4

, -
(DriverMax), ,
MAC-.
, ,
CommView for WiFi.
, -
( E0-B9-A5-2F-A8-75). "" Wi-Fi-
(. 4.5).
, ,
(. 4.6).
, ( -
). , -
, .
46 4

. 4.5

. 4.6
MAC- 47

,
, , .
, ,
(. 4.7).

. 4.7

, -
(. 4.8).
, , MAC-
( E0-B9-A5-2F-A8-75) MAC- -
. 74-EA-3A-5A-C2 (. 4.9).
, -
MAC-. , -
.
48 4

. 4.8

. 4.9
MAC- 49

-
MAC- , -
, , -
.
MAC- Wi-Fi-. , -
, ,
Ethernet.
, -
: , Wi-Fi-, ,
, , -
- ?
MAC-
? ,
. , , -
Windows, : SMAC, SIW ( -
), Macshift, IPtools .
, MAC- , -
( )
, Network address.
,
MAC-, :
 ;
 - .
, , . . -
. , , -
.
, .
, .
, , -
. ,
64- Windows,
,
Windows, 32-.
. , ,
, , -
MAC- Wi-Fi-. -
Windows- ipconfig (. 4.10).
50 4

. 4.10

, , , : -60-76-
69-2-56.
MAC-,
, -
MAC- -60-76-
69-2-56 5322556250.
-60-76-69-2-56 -
(. ), ,
WPA2-PSK.
MAC- -60-76-69-2-56
E0-B9-A5-2F-A8-75
.
MAC-
MACChange (. 4.11).
ipconfig,
(. 4.12).
, . -
, .
, (. 4.13).
,
, -
.
MAC- 51

. 4.11

. 4.12

, -
" MAC-" .
,
.
.
, "" (Wi-Fi)
"" MAC-, -
, ,
52 4

. , -
. ,
( ) -
MAC- . , -

D-Link MAC- ZyXEL.


.

. 4.13
5

WPA2-PSK
Wi-Fi-
, -
Wi-Fi-, -
. , ,
, .
!
,
"",
: ", ! "! -
, , -
Wi-Fi- !
, ,

. , -
- ! , ,
. :
- .
?
, -
,
-
.
. , , -
.
. -
, , ,
54 5

. -
- .
, , ,
. ,
! ,
. , : -
-,
. !
, , -
, - Wi-Fi ( ,
WinPcap CommView for WiFi), -
, Aircrack, -
. ,
Aircrack "" WEP.
! : WEP!
WPA -
. , WPA -
. , -
,
,
. ,
, , -
"--" , ""
("")?
Aircrack , -
. .
, , -
, WPA-PSK,
"" , , WEP. ,
.
,
, , -
: - - , - , -
- .
, WPA-PSK , ,
, .
Wi-Fi-, TEST SSID (. 5.1).
WPA2-PSK Wi-Fi- 55

. 5.1

, WPA2-PSK,
,
abc12345 (. 5.2).
TEST (. 5.3).
, , , -
.
, "", -
CommView for WiFi.
-
, . . TEST
(. 5.4).
, -
, MAC- 74:EA:3A:E4:5A:C2 (. 5.5).
,
(. 5.6).
56 5

. 5.2
WPA2-PSK Wi-Fi- 57

. 5.3

. 5.4
58 5

. 5.5

. 5.6
WPA2-PSK Wi-Fi- 59

, -
(smac)
(dmac). , ,
"smac=74:EA:3A:E4:5A:C2 or dmac=74:EA:3A:E4:5A:C2" (. 5.7).

. 5.7

, -
. (. 5.8).
, ,
(. 5.9).
,
<Ctrl>+<L> CommView
(LogViewer). ,
CommView . ,
.
(. 5.10).
60 5

. 5.8

. 5.9
WPA2-PSK Wi-Fi- 61

. 5.10

, -
, .
| log-
tcpdump... .
.
( tcpdump) -
Elcomsoft Wireless
Security Auditor. , ,
TCPDUMP (. 5.11).
, , , -
SSID=TEST (. 5.12).
, |
| | ,
(. 5.13).
62 5

. 5.11

. 5.12
WPA2-PSK Wi-Fi- 63

. 5.13

" ",

, .
, , ,

( ). ,
, :
. , , , -
.
(. 5.14).
(. 5.15).
64 5

. 5.14

, , 12 .
123,
(
).
123
.
2 12 , -
, (. 5.16).
: ,
,
(, ), -
WPA2-PSK.
, !
, :
<Ctrl>+<G>! ,
CUDA ATI Stream.
WPA2-PSK Wi-Fi- 65

. 5.15

. 5.16
66 5

. , -
, 1 , 336 ,
1620 , -
10 .
22 . , 2 ., (. 5.17 5.18).
-
, , , !

. 5.17

. 5.18
WPA2-PSK Wi-Fi- 67

, WPA2-PSK ! ? -
, ,
, -
(
3- Intel-, 2 ). -
50% 12 ,
, 2 12 4 = 48 (. 5.19).

. 5.19

, ,
5 .
, , , , ?.. -
, -
, , :
ARP-spoofing.
. ! -
.
, , ( -
) , , " " .
68 5

! ,
! " "? ,
WPA ,
. . CommView
for WiFi , -
()! -
EAPOL,
. , , -
" " -
CommView (. 5.20).

. 5.20

.
.
. EAPOL-, -
WPA-PSK.
, TCP IP
. -
, () : -
, .
WPA2-PSK Wi-Fi- 69

, ! , ,
? ,
. -
. ,
(. 5.21).

. 5.21

HTTP- . 5.22.
: ,
...
, , , .
Wi-Fi-
, CommView

(. 5.23),
.
70 5

. 5.22

. 5.23
WPA2-PSK Wi-Fi- 71

, , -

.
http://hashcat.net/oclhashcat-plus/ -
- oclHashcat-plus,
CUDA 55--
.
( ). ,
.

Performance

PC1: Windows 7, 64 bit
  • Catalyst 13.8beta1
  • 1x AMD hd7970
  • stock core clock

PC2: Windows 7, 64 bit
  • ForceWare 325.15
  • 1x NVidia gtx580
  • stock core clock

PC3: Ubuntu 12.04.1, 64 bit
  • Catalyst 13.8beta1
  • 1x AMD hd6990
  • stock core clock

PC4: Ubuntu 12.04.2, 64 bit
  • ForceWare 319.37
  • 1x NVidia gtx560Ti
  • stock core clock

Hash Type                PC1           PC2           PC3           PC4
NTLM                     7487M c/s     2489M c/s     10935M c/s    1772M c/s
MD5                      5144M c/s     1802M c/s     6974M c/s     1363M c/s
SHA1                     2030M c/s     785M c/s      3139M c/s     535M c/s
SHA256                   1003M c/s     350M c/s      1247M c/s     232M c/s
SHA512                   75M c/s       117M c/s      214M c/s      71M c/s
LM                       1276M c/s     465M c/s      1004M c/s     242M c/s
phpass $P$               2071k c/s     789k c/s      2771k c/s     511k c/s
descrypt                 63371k c/s    37137k c/s    79100k c/s    18332k c/s
md5crypt $1$             3445k c/s     1044k c/s     4425k c/s     648k c/s
Bcrypt $2a$              3788 c/s      1583 c/s      3861 c/s      626 c/s
sha512crypt $6$          12545 c/s     15153 c/s     34192 c/s     6726 c/s
Password Safe (SHA-256)  495k c/s      158k c/s      648k c/s      106k c/s
IKE-PSK (MD5)            297M c/s      99M c/s       335M c/s      59M c/s
Oracle (DES)             371M c/s      142M c/s      265M c/s      68M c/s
DCC (MD4)                3803M c/s     1181M c/s     5377M c/s     851M c/s
Joomla (MD5)             4609M c/s     1659M c/s     6253M c/s     1172M c/s
MSSQL (SHA1)             1677M c/s     639M c/s      2659M c/s     503M c/s
WPA/WPA2 (PBKDF2)        133k c/s      45k c/s       181k c/s      33k c/s

,
.
6

Wi-Fi

: Wi-Fi .
, ,
, , -
- , -
.
"" -
. , ,
RADIUS .
, "" , ,
,
.
, Wi-Fi, -
, ,
. , , -
aircrack-ng,
,
- , .
Wi-Fi:
1. C - , -
( -
ESSID). -
CommView for WiFi.
2. . 1 ,
, Elcomsoft
Wireless Security Auditor , .
74 6

, -
UNIX.

Wi-Fi- Linux BackTrack.
DVD-,
, " " .
BackTrack . , -
,
GNOME. KDE. -
: 32-, 64- . .
.

:
 -
: root@root:~#. ,
startx, -
GNOME, . . ;

startx ,
, -
root toor.
, .
, -
GNOME, BackTrack (. 6.1).
,
- Wi-Fi.
Windows, UNIX-
, .
,
. , ,
TEATR. ,
, Places,
Computer GNOME,
Device. , TEATR -
GNOME. TEATR
, ,
/media/TEATR (. 6.2).
Wi-Fi 75

. 6.1

. 6.2
76 6

, /media/TEATR -
. , ,
, mount .
. Applications -
Accessories | Terminal.
:
root@root:~#

:
iwconfig

Wi-Fi- , ,
. 6.3.

. 6.3

, Wi-Fi-,
wlan0.
"", -
wlan0:
airmon-ng start wlan0

. 6.4.
iwconfig, ,
(. 6.5).
Wi-Fi 77

. 6.4

. 6.5
78 6

Wi-Fi- mon0.
:
airodump-ng mon0

airodump-ng . 6.6.

. 6.6

, -
-. ESSID "t-r-e", MAC-
F0:7D:68:81:A4:F8.
.
Applications Accessories |
Terminal. cd /media/TEATR (. 6.7).

. 6.7

/media/TEATR, :
airodump-ng --bssid F0:7D:68:81:A4:F8 -w namefile mon0

. 6.8.
( ),
<Ctrl>+<C>
.
Wi-Fi 79

. 6.8

namefile.cap TEATR, . . airodump-ng , .
BackTrack Windows, -
-.

Elcomsoft Wireless Security Auditor.
,
, UNIX.
,
Elcomsoft Wireless Security Auditor,
,
.
, -
, -
. -
V-ListmakeR.
. , -
, , WPA2-PSK, -
, ,
( , , )?
,
0 9.
V-ListmakeR Passwordz ABC 0123456789,
count 8-8 ( ),
. 6.9.
Generate, ,
.
1 . , , .
80 6

. 6.9

,
,
, .
: . -
-
( CUDA)
. . 6.10 , -
(19 13 ).
, , : -
60 -
(, , 90 ).
, ,
. , ,
: , -
. -
.
. , ,
, ,
.
-
Total Commander. ,
,
250 .
.
Wi-Fi 81

. 6.10
82 6
7

IP-

IP-
, -
, . "" -
: " IP-",
, ,
, -
.
.
, (. 7.1).

. 7.1

IP- ,
. -
" ". -
-.
-, , -
" ". IP-
-. , -
84 7

, . . -
,
"" .
-,
. , , , MS Internet
Explorer (MS IE).
, (. 7.2).

. 7.2

(. . 7.2), -
- , -
IP- -, ,
-
(. 7.3).
IP- 85

. 7.3

, - -
HTTP-, , -
-, -
( ) . , ,
FTP- , ,
, (. 7.4).
IP-! -
, " "! -
(. 7.5).
, ! -
SuperSocks5Cap.
, SuperSocks5Cap -
, -, -
, -
- ,
MS Internet Explorer.
,
- -
Socks4, Socks5, HTTPS .
(. 7.6).
86 7

. 7.4

. 7.5
IP- 87

. 7.6

, -
IP-,
(. 7.7).
, -
( Test This Proxy) . 7.8.
88 7

. 7.7

, , -
, . , -
SuperSocks5Cap! :
- , !!!
"" ,
SuperSocks5Cap. ( -
) MS Internet
Explorer (. 7.9).
, "-"
SuperSocks5Cap, (. 7.10).
, -,
, , !
.
,
-.
IP- 89

. 7.8

. 7.9
90 7

. 7.10

, -
-
Tor (The Onion Router)!
" ". ,
. ,
, .

. -
. , -
,
-, -
.
. -,
:
,
, .
-,
. -, , -
: , ,
, ,
, " " .
,
. , -
, Tor ,
.
-. -
Firefox Portable -
. !!!
, "-", -
Firefox Portable
IP- (. 7.11).
IP- 91

. 7.11

- (https://check.torproject.org/?lang=ru) -
(. 7.12).

. 7.12

Tor (. 7.13).
IP-
.
, (. 7.14).
92 7

. 7.13

. 7.14
IP- 93

NAT-
( , ) -
.
Tor ,
.
.
, (. 7.15).
( )
.
. 7.16
.

. 7.15
94 7

. 7.16

, Tor :
# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it

AvoidDiskWrites 1
ControlPort 9151
DataDirectory "D:/Install/NET_TOOLS/\322\316\320 - \340\355\356\355\350\354\355\356\361\362\374\342 \361\345\362\350/Tor Browser/Data/Tor"
DirReqStatistics 0
GeoIPFile .\Data\Tor\geoip
Log notice stdout
SocksListenAddress 127.0.0.1
SocksPort 9150

ControlPort SocksPort.
-
Tor Firefox Portable.
. 7.17 , Tor.

. 7.17

-
Tor, , -
, - "",
Firefox Portable (. 7.18).
, Tor
9151, SOCKS 5 9150.
,
() Flash-
(. 7.19).
96 7

. 7.18

. 7.19
IP- 97

Flash- ,
, Tor,
.
, -
. . , ,
,
Tor. , -
"" . ,
, , , -
,
Tor. , !
: Tor -
. , SSL-
. ("
") -
Tor...
IP- Tor -
. , Tor -
"" .
"", , IP-
(. 7.20).

. 7.20
98 7

"" -
( ).
, Tor , : -

" " -
...
, -
. ,
, .
, -
,
. , ,
, , ...
, -
.
, Tor
, - "" ,
-
, http ( 80- ),
. -
- ,
- . .
, ("", "",
Facebook) 63% .
Tor IP- -
- , - -
(. 7.21).
,
Tor. ,
, , ,
, -
...
, -
Tor . -
...
, ,
-
. , Tor .
IP- 99

. 7.21
100 7
8



,
? , -
. , ,
, .
?
:
. - ,
.
TrueCrypt (http://www.truecrypt.org)
. , , -
Create Volume,
( ), -
(. 8.1).
, Create an encrypted
file container ( -) . 8.2.
( ) (. 8.3).
- (. 8.4).
D: Test, -
security_volume (. 8.5).
, ,
AES, - SHA-512 (. 8.6).
. 2
(. 8.7).
.
(. 8.8).
102 8

. 8.1

. 8.2
103

. 8.3

. 8.4
104 8

. 8.5

. 8.6
105

. 8.7

. 8.8
106 8

. 8.9

, (
) . 8.9.
NTFS, -
, , Format (. 8.10).

. 8.10

(. 8.11).

(. 8.12).
, (. 8.13).
, .
! , -
! ! -
( "P")
107

, Mount, -
- ( Select
File) . 8.14.

. 8.11

. 8.12
108 8

. 8.13

. 8.14
109

. 8.15

(. 8.15).
,
(. 8.16).

. 8.16

,
. Tor, -
, .
110 8

-
( Dismount).
, - -
, , . , -
.
,
: BestCrypt, OpenPGP, Dekart Private
Disk . .
,
, ? , ,
! , ,
. -
.
CCleaner
. CCleaner
( Windows) -
, ,
, , .
-
(. 8.17).

. 8.17
111

, , .
. -
( ) . 8.18.

. 8.18

( )
. 8.19.
(. 8.20).
,
"" (. 8.21).
, !
, ,
, ! -
, -
.
112 8

. 8.19
113

. 8.20
114 8

. 8.21

-
, : -
, -
"" . ,
, ,
, ( -
) . -
"", -
"" , ,
- .
, " , , -
115

", ... ,
-
.
-...
, ,
, -
. () -
...
, ,
, (,
""). -
- .

, , . ,
" " -
. -
: VirtualPC, VMware, VirtualBox.


, -
. . ,
. ,

,
, -
...
,
- -
. , , ,
.
http://www.microsoft.com/en-us/download/details.aspx?id=3702 Windows Virtual PC . -
. Windows 7 , -
, (. 8.22).
Windows (. 8.23).
Windows Virtual PC
(. 8.24).
116 8

. 8.22

. 8.23
117

. 8.24

, , TEST.

(. 8.25).

. 8.25

, " " (
), . -
( ,
118 8

Windows), ,
, .
. -
. - ,
, ...
, -
, -
.
-
, , ,
,
. , -
(. 8.26).

. 8.26

(. 8.27).
-
,
(. 8.28). .
119

. 8.27

. 8.28

.
" ". -
, -.
.
Windows XP ( Windows XP ,
UNIX-)
( ),
. .
, , -
Windows XP, -
, . . (. . 8.23)
Windows XP Mode.
120 8

. 8.29

,
. 8.29.

, . 8.30.

( ), -
, (. 8.31).
-
.
, , -
, . -

. -
. , -
, -
121

. 8.30

. 8.31
122 8

. -
. , . . " -.
"1 ,
...
,
, -
, , WinRAR.
rar-, , -
,
.
, ,
. , , -
, . ,
, , -
.
retrograd (. 8.32).

. 8.32

1
. -. (+ DVD-ROM). .: , 2012.
123

, ( ) - ,
, RetrOgrad.
( user.dic) RetrOgrad
(. 8.33).

. 8.33

,
ARPR (Advanced RAR Password Recovery) ElcomSoft Co. Ltd
(http://www.elcomsoft.ru), (. 8.34).
(. 8.35).

. 8.34
124 8

. 8.35

,
, , , ,
, (, -
) .
9

-
.
, TeamViewer, -
(. 9.1).
-
.

. 9.1
126 9


. Windows , , "
". . -
c Windows
, -
, , -
,
, "".
,
. ,
c Windows XP -
Windows 7 (. 9.2).

. 9.2


: -
, , - , ,
, , -
. , , -

. TeamViewer,
127

: "" ( -
), , "- "
. ., ( )
. ,
- ,
.
, . .
...
.

. -
, .
, -
Radmin (http://www.radmin.ru).
, . , -
,
.
-,
, .
(. 9.3).

. 9.3

, Radmin (
) -
(. 9.4).
, -
, . -
(Hide tray icon) . 9.5.
Radmin. -
, -
(. 9.6).
, , -
(Radmin Viewer) . 9.7.
128 9

. 9.4

. 9.5
129

. 9.6

. 9.7
130 9

Radmin , ,
. -
-
, Radmin
.
, Radmin
:
1.
Radmin, ,
.
2. REG, -
, Radmin
( ). :
Radmin .
3. IP- , , -
e-mail (, ).
4. -, -
.
5. , -
.
6. - - .
7. .
8. .
-
.
: -
Radmin, .
, ,
, .
: Radmin. ,

msi-. .

,
.

Rserver Svchost, - -
-. -
131

Radmin , - -
,
(. 9.8).

. 9.8

: -
, . - -
Radmin ,
regedit ( ),
(. 9.9).
-
.
: IP-
, - .
, ,
(ipconfig), :
ipconfig >> info_ip.txt

. ! ,
,
132 9

. 9.9

, NAT (Network Address Translation ).
, tracert (-
) - , :
tracert yandex.ru >> info_ip.txt

:
mail.ru [217.69.139.199]
30:
1 <1 <1 <1 192.168.0.1
2 1 ms 1 ms 1 ms 42-151-20-1.provider.info [42.151.20.1]
3 <1 <1 <1 10.100.10.41
4 <1 <1 <1 10.100.1.17
5 13 ms <1 <1 10.100.1.9
6 1 ms 1 ms 3 ms 10.100.102.46
7 1 ms 1 ms 2 ms 95-181-0-77. provider.info [95.181.0.77]
8 1 ms <1 1 ms kmo01.transtelecom.net [188.43.7.30]
9 45 ms 45 ms 45 ms msk05.transtelecom.net [188.43.1.74]
10 45 ms 54 ms 45 ms Mail-gw.transtelecom.net [188.43.1.73]
11 45 ms 45 ms 45 ms ms.mail.ru [217.69.139.199]
.

,
( , , 192.168.0.1 192.168.1.1),
, . -
253 ... ,
.
-
, Radmin (
4899, . . 9.4),
?! , -
, (tracert),
!
, . . -
( , -
HOD-ms04011-lsasrv-expl).
. , -
-
.
, -
, "10-: " (10-Strike
Software) . 9.10.
-
Ultra Port Scanner (DANUSOFT). -
192.168.0.7 , -
0 20 000 (. 9.11).
: ,
! !
. -
, " ", .
, Ultra Port Scanner. -
, ,
IP- (192.168.0.1
192.168.0.254).
, , IP- - , -

. , , blat (http://www.blat.net/).
134 9

. 9.10

. 9.11
135

250 . :
http://white55.narod.ru/smtp.html.
, , -
FTP-. Windows
FTP-:
ftp n s:____ftp- -A IP-_

n ; s , ,
; -A ,
(, );
IP-_ , FTP-.
get (
).
ftp-, -
, -
.
FTP- , ,
, Xlight FTP Server. , -
, , " " (
" ") . 9.12.

. 9.12
136 9

, FTP-
( A, Ftp-
) . 9.13.

. 9.13

:
! .
.
-
eMule ( p2p-). -
... : , -
( , ,
) -
, (Outpost Firewall).
-
, - .
, . ,
, -
137

, . ,
IP- -
, -
: IP- ( , , -
) . 9.14.

. 9.14

whois- -
:
239.255.255.250 ip: 239.255.255.250
IP- (IP Whois)

OrgName: Internet Assigned Numbers Authority


OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 224.0.0.0 239.255.255.255


CIDR: 224.0.0.0/4
NetName: MCAST-NET
NetHandle: NET-224-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: FLAG.EP.NET
NameServer: STRUL.STUPI.SE
NameServer: NS.ISI.EDU
NameServer: NIC.NEAR.NET
Comment: This block is reserved for special purposes.
Comment: Please see RFC 3171 for additional information.
Comment:
RegDate: 1991-05-22
Updated: 2002-09-16

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org

# ARIN WHOIS database, last updated 2008-11-03 19:10


# Enter ? for additional hints on searching ARIN's WHOIS database.


SSDP (Simple Service Discovery Protocol).
SSDP .
Universal plug-and-play. SSDP
-
. UPnP-
.
" ", , , -
SSDP-. , -
, , .
, , , SSDP -
(. 9.15).
139

. 9.15

,
:
1. ( | | regedit).
2. :
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectPlayNATHelp\DPNHUPnP.
3. :
Value name: UPnPMode
Data type: REG_DWORD
Value data: 2

, ( -
SSDP , -
), () !
. :
eMule ?
. : -
, , . -
.
140 9

, , ,
"" eMule -
, -
.
IP-
, .
...
: "" ( -
) Joiner- ().
, - -
, ,
. - -
. , -
Radmin, ,
(,
, ). , , -
( ), . -
. .
"",
.
, , -
MicroJoiner. (-
- ).
1.exe. -
WinRAR (-
). -
text.txt ( :
"!") , SFX-
(. 9.16).
- -
, ,
text.txt (. . "!").
sfx- %SystemRoot%\system32\
notepad.exe text.txt (. 9.17).
2.. -
" !".
, , (. 9.18).
Joined.exe (, -
, -) . 9.19.
141

. 9.16

. 9.17
142 9

. 9.18

. 9.19

, ,
.
: "!" " !". ,
, Joined.exe (. 9.20).

. 9.20

! -.
, , , , , -
...
143

, , -
.
Radmin -
. .
, , .
, ,
""...
, -
,
.
, , !
, .
, , -
, .
, , .
"" , -
, (
)... , -
, -, ,
, . , -
: - ""
.

. "", , -
, . Klavik
keylogger ( www.klavik.com).
. klvk.exe (,
600 ) . 9.21.
( )
klvkh.exe.
, .
, klvkh.exe (. 9.22).
- ,
:
svchost.exe,
svchost...
144 9

. 9.21

-
- . ! -,
. -,
FTP-, .
. -
Elite Keylogger. . ,
, ,
.
:
http://www.widestep-keyloggers.com/elite-keylogger-ru
( ) Elite Keylogger -
(. 9.23).
145

. 9.22

. 9.23
146 9

: - e-mail
FTP-; (
); ( ,
); ,
; -
; ; -
- ; -
...
" " ,
. 9.24.
Elite Keylogger - (. 9.25 9.26).

. 9.24
147

. 9.25

. 9.26
148 9
10

-
. : -
?
, , -
-
.
. ZyXEL ( -
)?! ! ,
,
, , :
, ...
, . .
( , )! -
, -
? ,
, -
. -
. , ,
, -
. , IP- -
- ( )?!
-?
?!
: -
? : , ! ! !
?
150 10

,
,
IP-.
. , -
, , -
, -
, ,
. -
? . -
, ,
, .
,
Windows XP.
, ! ,
, , . .
. -
: , -
!
, -

,
, . , -
. ,
" ". , -
, , -
SID (Security Identifier).
,
! -
Windows net share (. 10.1).
E:\ C:\Users
"" (share ) ,

. .
- -
,
(. 10.2).
(. 10.3).
? 151

. 10.1

. 10.2

. 10.3
152 10

,
( , , ,
. ). ,
, "" .
!!! -
"" .
, , -
"" ,
,
:
net share d$ /delete
net share c$ /delete
net share ADMIN$ /delete
net share IPC$ /delete

"-
" . ,

"" :. ,
,
: "!
, !".
: ,
. , .
. , ,
,
! , - -
.
, , -, -
- ,
...
-
,
" "
.
,
, . -
.
( 12 -
). , ,
.
? 153

- -
. : -
.
, -
-
- , ,
.
, , - " ". , "-
" , ,
.
.
"-", , -
, , , , -
, ,
...

25 ( ).
, . -
.
, -
... ,
, , -
. (" 25") -
. , -
( ),
, . -
, , -
, "-
" () . , -
""
hello. (
) ""
"" . ! . :
"" ( ) -
, ,
( , )
. , .
!
, :
, ( -
, , , . ""
154 10

! -,
. -
:
... -
, . -
. , -
, ! , -
... ,
. -
, .
( ). -
, .
, , , ,
, 25
IP-.
-
? ,
"" - -
. , ,
! ,
. , -

.
-
, -
.
( )?
( -
, )
:
! ... ""?
...
:
, : , . -, , ... (
).
- , ,
!
!
, ?
? 155

, , -
, ,
, . -
.
-
-
, " ",
.
, , -
-, -
-
().
: -
, ,
, -
, , ,
... () .
, -
. , , : -
, , . ,
, , , -
. ,
, , , , -
, .
,
(
).
, - -
, , , -
,
-
. , -
!
, , -
, ""
, . ,
,
"".
, .
, -
156 10

p2p- FlyLinkDC++.
( )
. 10.4.

. 10.4

,
. ,
FlyLinkDC++ "" -
, , -
.
"" ( )
,
(. 10.5).
, , ,
FlyLinkDC++ . ,
, "
".
? 157

. 10.5

, -
p2p, "-
" .
"", , " " (. 10.6).
, , ,
. -

. 10.6
158 10

,
... ,
. ! , , . .
.
,
-
. .
, , . .
, - .
, Windows 7 ,
""
. :
1.
.
2. .
3. regedit ( ).
4. HOST_KEY_ LOCAL_MACHINE,
.
5. , Windows :\,
: C:\Windows\System32\Config\System, -
.
6. 12345678 (
).
7. HOST_KEY_ LOCAL_MACHINE -
12345678.
8. setup.
9. (. 10.7).

. 10.7
? 159

10. SetupType, ,
: 2 .
11. CmdLine cmd.exe.
12. .
13. , HOST_
KEY_ LOCAL_MACHINE 12345678
.
14. ....
15. .
16. (
) :
net user "_" "__"

, .
17. -
.
, , -
, -
, "" ,
.
, , , -
.
-
, -
, , "-" -
ElcomSoft System Recovery
( -). -
Proactive System
Password Recovery.
: , -
,
. -
, .
, .
, , -
"", .
, -
, . , -
160 10

, -
!
. ,
( ,
), ,
"".
"" ( flag) "" " -
" , "" , -
"" .
, , -
Windows ( )
d.bat :
if exist flag goto end
del c:\" "\*.doc /S
del *.bat
:end

( Windows 7 -
) d.bat ,
, ,
(. 10.8 10.9).

. 10.8

,
Windows flag ( -
, -
), DOC
C:\ ( , . . /S), -
(. . ).
? 161

. 10.9

, , ,
flag, , .
, " ", -
, , ! -
, ,
. . UNIX-
cron.
"", , -
( ,
, ), -
,
... ,
, ,
?!
.

, , ,
,
.
162 10

, , ,
, -
( ) , ,
. , ,
- (
), -
, , ...
11



. , -
, -
. . " ", -
, .
-
: . 25 "
", . 146 " " ,
. 272 " " ,
. 273 ",
" .
, ,
, ...
, -
...
, , -
, , ...
,
. -
, . ,
, . , , :
... , -
.
.
,
,
.
164 11

,
Webcam 7, webcamxp.com.
, ,
. , -
WebcamXP, , . .
.
-
. -
. , -
, -
.
, . -
, ,
, , , IP-.
,
.
. -
: (-, )
, IP-
(. 11.1).

. 11.1
165

-, -

, .
-
: , ,
.

(. 11.2), - (. 11.3).

. 11.2

, , ,
. (. 11.4).
: ,
(. 11.5),
Multi view (. 11.6).
166 11

. 11.3

. 11.4
167

. 11.5

. 11.6
168 11

- Gallery, -
-
(. 11.7).

. 11.7

( )
(. 11.8).
IP- , ,
, . 11.9 (
192.168.0.20, video1.mjpg,
).
IP-, , (. 11.10).
169

. 11.8

. 11.9
170 11

. 11.10

, !
, - ,
(, ) .
. -
( -
) . 11.11.
, ,
, , SMS
.
(. 11.12).
171

. 11.11

, ,
,
. -
(. 11.13).
Webcam, ,
. , . .
-
, .
, -
, , -
:
1.
( -
OutPost, PC Tools Firewall Plus, PrivateFirewall,
).
172 11

. 11.12

. 11.13
173

2. host ( Windows 7 \Windows\system32\drivers\etc\, UNIX- \etc) :
127.0.0.1 webcamxp.com
127.0.0.1 http.webcamxp.com

webcamxp.com
http.webcamxp.com ,
. . 127.0.0.1 . -
, .
, -
.
, host Windows 7 -
,
" ",
...
: ,
Webcam (, -
). , IP-
, Skype. , "-
" Skype ,
, , "".
Skype. , -
, , .
174 11
12

12.1. .

, , .
, .
-
. ( - -
) :
 , ;
 ;
 , -
;
 ;
 , ;
 ;
 VPN;
 -
;
 , .
? :
" , -
".
176 12

, :

, ;
 , ,
;
 , -
( ""), , -
,
.
-
-
( ,
). . -
"
" , . -
: -, ,
"", -, , -
, , ,
.
, ,
:
 ( -
);
 ( , , -
, -
);
 ( -
, , -
,
,
);
 (
, );
 ( , -
, -
, -

);
 ( ).
177

, . -

, , . . -
" ". , -
, -
( ) .
"" Java, Windows, PDF . ., - -
"",
Chrome Opera, Internet
Explorer "" .
-
, (. 12.1):

( )

...,
( ).







()

. 12.1
178 12


, : ,
?! ,
, , ?

?
1. . -
.
. , -
, .
2. :
( , -
, -


, ,
, );
:
, ;
- , -
,
, -
; ,
;
; -
" ";
,
, -
; -
, .
, .
, , , -
. .
, , -
, -
. -
,
. , -
, " ". !
179

12.2.

, - -
. , - ...
? ! - , -
. -
.
- , -
.
, , , -
. , , . .
. -
,
, JScript, VBScript, Powershell
LogParser, . . Windows ,
Microsoft, SQL,
Windows. ,
, Windows,
, .

"" "" ,
" " . . ,
, .
, , -
,
, . . -
,
.
.
,
, , WinPatrol (. 12.2).
, cookies-, ActiveX, -
( ), ,
. . .
-
. , -
.
, . 12.3.
180 12

. 12.2

. 12.3

. 12.4 , -
( ).
Windows -
Microsoft Baseline Security Analyzer (MBSA)
. 12.5.
(. 12.6).
181

. 12.4

. 12.5
182 12

. 12.6

Microsoft
(. 12.7).

. 12.7

, -
(. 12.8).
, , ,
,
183

, , -
,
(. 12.9).

. 12.8

. 12.9
184 12


Windows Security Task Manager (http://www.neuber.com/taskmanager/russian/index.html).
, ,
, , -
(. 12.10).

. 12.10

Security Task Manager


(. 12.11).

. 12.11
185

-
. , Kaspersky
Security Scan :

: (: 2)
27.08.2014 1:36:59
http://www.securelist.com/ru/advisories/47009 c:\Program Files\GRETECH\GomPlayer\GOM.exe
27.08.2013 1:37:46
http://www.securelist.com/ru/advisories/53520 c:\Program Files\QuickTime\QuickTimePlayer.exe
,
.
1. " "
2. " "
3. " CD/DVD"
4. " "
5. " -
"
6. "Microsoft Internet Explorer: URL-"
7. "Microsoft Internet Explorer: , -
"
8. "Microsoft Internet Explorer: "
9. "Microsoft Internet Explorer: -
"
10. ": -
"
11. "Microsoft Internet Explorer: "

"
?" -
! , -
. ,

, -
. ,
, , .
,
,
-
.
186 12

, -
. UNIX- -
( Norton Ghost, Acronis). -
, . . -
,
" ".
Windows security\templates -
Windows ( ).
, "" -
Windows. " -
"... -
,
( ,
). -
" Windows" ( -
: ). Windows
, -
.

12.3. ,


, "" , , -
, -
, . . , .
,
.
-
, , ,
, : .
,
. ! ! -
.
. , -
( ) Avast
(http://www.avast.ru/index) . 12.12.
. -
"" -
187

, . -
Dr.Web CureIt (http://www.freedrweb.com/cureit). -
, . . ,
.

. 12.12

-
(" "): http://support.kaspersky.ru/special/utilities. , () "-
".

Microsoft Microsoft Security Essentials (http://windows.microsoft.com/ru-ru/windows/security-essentials-download). -
, ?!
, , -
() , -

. -
,
( ),
. ,
, .
,

: , -
, ,
, .
, -
, -
" " (http://www.simplewatcher.ru)
. 12.13.

. 12.13

,
- (. 12.14).

. 12.14


( ), . .

. , ,

, ,
. . ,

.
,
, , .
.
.
, -
, Windows 7, sfc /scannow (. 12.15).

. 12.15

, -
:
sfc /verifyonly

-
, . . -
.

,
"" ""
. , Avast, -
. ,
, . . -
, BIOS

Anti-Virus Protection, Boot Sector Protection, Fixed Disk Boot Sector . .
.
,
-
, " ", "Dr. Web".
.
Avira Free Antivirus
(. 12.16).

. 12.16

" " -
-
,

(
, ).
-
. , Advanced Registry
Tracer (Elcomsoft Co. Ltd.) -
(. 12.17).
, (. 12.18).

. 12.17

. 12.18

, , -
Advanced Registry Tracer: -
?! , .
Microsoft Attack Surface
Analyzer, -
. -
. :
, , , ActiveX, -
.

12.4.
,
, , -
( ). -
, -
"", . -
, , . ,
, , -
(. 12.19).

. 12.19

Windows 7
, Windows -
.
.
. 12.20 "-
" HASP LLM. Hasp-, -
( -
). -

. :
( ) -
, Hasp-?

. 12.20

, , -
- (Wi-Fi-),
,
.
-
,
.
, : -
, ,
IP- -

(NAT)? -
, .
, ,
... "" -
, . ,
:
, . 12.9.
, -
, " ".
, . -

. , - , .
,
, , , -
( ).
, -
, ,
Outpost Firewall Agnitum (http://www.agnitum.ru/products/outpost/) . 12.21.

. 12.21

,
(. 12.22).
, -
!

. 12.22


(. 12.23).
(. 12.24).

. 12.23

. 12.24

" " "" -


(, ),
(. 12.25).
Outpost Firewall IP-,
(. 12.26).

. 12.25

. 12.26


-
(. 12.27).
-
(. 12.28).

. 12.27

. 12.28

-
Outpost Firewall ,
.
, : -
, , -
, .
, ,
.
-
. , -
( )
, (
) .
, . .
, . . " " .
-
, , , "" -
.
,
. -

. -
, , -

.
-
, , -
, . -
,
.
. .
, , -
, ,
- . -
.

, ,
IIS Microsoft. ,

,
(urlscan), .
-, -
-. ( )
DNS- ( dynamic DNS ),
, , .
. 12.29 .

. 12.29

, -
80, . . .
2013 . -
. -
IP-
.
-, 2012 , . -
IP- , -
(, , )
.

12.5.
,

, ,
, :
 , -
;
 -
, - -
;
 , , -
, .
, -
,
, !
" " . -
, ""
, .
,
,
, , -
. .
.
, -
, ,
.
, -
, , ,
, -
( ). , !
, -
, -
.
90- -
, " " -
.

-
. -
, -
, .
, ,
-
. .
. ! -
!

, . , ! -
! ! ,
, . , ,
! .
, , -
...
( ), , , , ,
... , ... -
.
,
...
, , -
,
Novell Netware.
, , -
, "" () -
.
, , -
! .
!

,
.
. , -
. , . . -
Supervisor ( Novell Netware), -
. !
, .
,
, . -
. : "

- -, - -...
...".
, - -
( ?).
.
,
. ! - ,
! :
.
,
, - .
!
! , , -

, .
. , -
-, ,
...
, !
, , , . ,
...
, ,
.
, ,
-
, .
"", "", " "
, (. 12.30).
(. 12.31).
Buhs , -
, () -
. -
Buhs ,
, . -
.
,
, -
.

. 12.30

. 12.31

, . . -
, ,
, . .,
.

, , -
,
.

, , -
.
, -
! ! -
( ) ,
"" - ...
, , ----- ! ?!
-
- ,
"" " SecretNet". -
, . -
-
Windows, .
,
. ,
, ,
Word, Excel, .
-
. , -
Windows 7, :
gpedit.msc.
-
| |
Windows
(. 12.32).
, -
,
: winword.exe, excel.exe, notepad.exe,
calc.exe (.12.33).

. 12.32

, -
.
, ,
Windows 7 gpedit.msc, ,
. , !
, . , -
, ( ),
.
. -
(. 8).
gpedit.msc?
, Windows 7. -
: Ultimate, Professional Enterprise.
? , .
, , , . -
!

. 12.33

. , -
( ):
1. , , gpedit.msc -
. , -
, .
2. Advanced
Registry Tracer .
3. . -
, ,
. .
4. . -
( Advanced Registry Tracer). -
( ).
,
.

5. ,
.
6. , , .
,
.
.
, , , -
-
, , -
.

"Group Policy Settings Reference for
Windows and Windows Server", :
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=25250

12.6.
""
"" - (-
)
- .

, "-
"!
, .
, -

(""). -
(. 12.34
12.35).
.
. -

. 12.34

. 12.35

, -
. , ,
, . -
,
.
" "
, "" MAC-,
, QSS (Quick Secure Setup), -
, , -
-
...
, , " ",
-
. , -
- (" " ),
.
"" , -
,
.
: "PSK password", ,
:
 12 ( );
 -
;
 , .
, -
.

12.7. VPN
VPN Virtual Private Network, () .
, -
(PDN Public Data Network, ).
, ,
.
VPN -
. , , - -
, VPN Tor, .
, , ,
,
VPN.
,
VPN, , -
. 9 -
.
TeamViewer
VPN. -
| | | -

VPN (. 12.36).
-
VPN (. 12.37).
VPN-,
(. 12.38).
VPN-
TeamViewer, . , -
.
VPN Windows Linux
, -
.
IPSec.
IPSec ( ) -
.
.
IPSec , , VPN-
Cisco:
Cisco, CiscoSecure PIX, CiscoVPN...

. 12.36

. 12.37

. 12.38

12.8.

10 ,
() -
.
, - , -
"", -
, -
.
, -
, , -
"1:", -,
mail-, , . .

, -

"" ( ).
, , -
, 99%
.



1. , , -
, ( -
)! , , ,
(, -, -...). -
.
2. , ,
.
3. - - -
, ! , ,
! , -

. -
!
, -
. -
,
.
4.
(, ) "" , ,
!
5. (!!!) -
,
! ,
,
... , "
".
6. ,
!
7. " " : -
, . , ,
. , -
.

,
, , .

, 1, . . ,
! , , ,
"" ,
!
, , ,
.
! , ... - , -
, - -
, , : " -
, !
, ,
, !" !
: " -?! -
, ".
: , -
? ? ,
? -
? ? : (-
, , )... !
, , -
: ? , , -
? , -
?!
! -
! ? -
, ! , -
! !

2011 2012 , Positive Technologies (http://www.ptsecurity.ru/ ""),
-
, .
, ,
-
.
,
- ?
! , ,
.

, ,
, !

12.9. ,

, , -
,
(. ).
( -
"",
, -
: , , .), -
UAC (User Account
Control ) Windows,
.
( , ):

,
, . . , -
. Google " -
Windows?", -
: , UAC, -
, . .
UAC , -
: ", , -
, .
, . . ".
! UAC "-
". "" -
Windows . UAC,
. "" -
, Acrobat Reader, -
. , Acrobat Reader -
-... UAC , -
! ,
, , -
... ( ?).
"" ? -
, , ,
Java, ,
, , -
, Windows.
, -

Java. , -
, , , -
-. -
. -
- , . .
"" .
, UAC -
, "" . -
""
.
, "" "-
" , : -
.
:
 ;
 , -
, "" ;
 , , -
;
 " Windows" (
);
 "" .
, " " ,
(
" ", " "
"").
-
, :
 "" "";
 , -
;
 ,
"";
 "", ,
" " ;
 , .
, . . -
, . "" -
"oshost.exe",
"system", . -
( ).

,
Windows. , Piriform CCleaner
"" (. 12.39).

. 12.39

, "oshost.exe" Windows,
. . . ,
"zaxar Game browser", (
"\AppData\Local\Shedule\"). -
. , Windows - "", -
. ,
Windows, "Shedule consumer dialogue" -
, -
.
USB- -
. -
.
, : -
, .
, .
.
! , ,

! , -
, , ,
, (
:-), ), . -
. -
, . !
, ,

,
.
, ,
.

,
"oshost.exe", . . , ,
"" (. 12.40).

. 12.40

-
( -
) (. 12.41).
,
, -
... ! -
- , , ...
. -
, ,

, -
, ,
. -
, peer-to-peer
( 10).

. 12.41

,
" ", "", "",
" ", "", "" . . -
WebMoney . .
, ,
, .
Google Chrome
- " -
", , -
- .
Total Commander -
C:, ,
"" .

c:\Users\*****\AppData\Local\Google\Chrome\UserData\Default\databases\chrome-extension_jaocgokledfmfebefgbeokdodbbdjhdd_0\2
:
c:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\favicons :
http://www.google.ru/#fp=309b8084e668c972&lr=lang_ru&newwindow=1&psj=1&q=%22top-blogger-ru.mcdir.ru%22+%22w-vila.ru%22&tbs=lr:lang_1ru
, jaocgokledfmfebefgbeokdodbbdjhdd -
Chrome (. 12.42).

. 12.42

.
,
" " ,
"" "", , "".
, " -
" .
, .

, . -
,
IT-.
: UNIX Windows? ,
, , : !!! , -
!
Windows , -
, .

-
,
:
 -;
 ;
 .

, . , -
InetCrack ( Naviscope) -
HTTP-. ,
: , ,
.
.
, -
, , -

. -
,
. -
, -
.
, ,
" " .
-
.

, ,
, ,
.
: , . -
,
...
, . ,
UNIX-1, , "" -
"" :

- . -
, , .
-
, . , -
, , ...
, -
. , -
, . -
, ,
.

1
., ., ., . Unix Linux: -
. 4- . .: , 2012.


Wi-Fi-

TP-LINK
-
(. 1).

. 1

,
(SSID). ,
(. 2).

. 2

, -
. -
, . . .
, , -
WPA2-PSK, , ( -
) . 3.

. 3

Fi-Wi- MAC- (. 4).


MAC- ( ) -
Windows,
ipconfig /all

, , ,
, Ethernet
( ) Wi-Fi ( -
). . 4 MAC- Wi-Fi--
(Wireless).

. 4

Wi-Fi ,
MAC- , -
(Disabled).
(
System Tools | System Log)
.
, Wi-Fi-
,
(. 5).

IP-, ,
.
(. 6).

. 5

. 6

(. 7).

( MAC-) . 8.

. 7

--
, ( 0.0.0.0 , -
) . 9.

. 8

. 9

Access Control -
. , , -

(. 10).

. 10

IP- (. 11).
IP- ,
(. 12).

. 11

. 12

(
),
, , .
, , -
. -
8 18 (. 13).

. 13

, -
,
.

. ,
(. 14).

. 14

, ,
, . -
, -
.