SlideShare a Scribd company logo

Wardriving & Kismet Introduction

Download as PPTX, PDF
Lance Howell, profile picture
Lance Howell

Kismet is an open source wireless network analyzer used for wireless reconnaissance and wardriving. It passively monitors wireless traffic and extracts information on access points and clients including BSSID, encryption status, channel, manufacturer, and GPS location. Kismet logs data in various formats like text, CSV, XML and pcap files which can be analyzed using tools like Excel or imported into mapping software to visualize wireless network activity geographically. System administrators can use Kismet to troubleshoot wireless network performance issues while security analysts use it to evaluate network security and detect potential threats.

Technology
1 of 30
Downloaded 181 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Wireless Security, Wardriving, and Detecting Rogue Access Points Using Kismet Wireless ScannerBy: Lance Howell
Wireless SecurityWEP (Wired Equivalent Privacy)WPA (Wi-Fi Protected Access)WPA2 (Wi-Fi Protected Access version 2)
Weaknesses in WEPOlder Equipment and devicesSupports no keys or a shared key management system. You have to manually change your keysThe Initialization Vector (IV) is too short and sent in clear textIVs are staticNo cryptographic integrity protection is implemented
Weakness in WPAUsing short Pre-shared Keys (PSK)Dictionary Attacks
ReconnaissanceFirst Popular Software NetStumblerWindowsMacNo Linux Based VersionKismet Popular for professionalsLinux version Windows called Kiswin v 0.1 Last Update 2005
Reconnaissance continuedUse the software to listen to trafficAccess Points (AP) BroadcastSSIDEncryption StatusRather it is Broadcasting or notAP InformationGPS InformationMap Locations
SniffingPassive and Undetectable to Intrusion Detection Systems (IDS)Attackers can Identify Additional Resources that can be CompromisedAuthentication TypesUse of Virtual Private Networks (VPN), Secure Sockets Layer (SSL), and Secure Shell (SSH) helps protect against wireless interception
Spoofing and Unauthorized AccessDue to TCP/IP Design, there is little that can be done to prevent Media Access Control/IP (MAC/IP) Address SpoofingStatic Definition of MAC Address Tables can this attack be preventedStaff must be diligent about logging and monitoring those logs to try to address spoofing attacks so they can be identified.
Kismet and WardrivingInfo. Gathering, Analysis And Research
IntroductionsConsole-based wireless analysis toolPassive; captures traffic from wireless cards in monitor modeObserves activity from all networks within rangeWardriving tool of choiceWardriving is legalIncluded in Backtrack 4 ready to run and use
VersionsStableDevelopmentalNewcorePurposeReconEnumeration
Objectives of KismetLocate and Identify AP(s)BSSID, ESSID, Channel and EncryptionGPS dataAnd more…Locate and Identify Client(s)MAC AddressManufacturersSpectrum AnalysisDrones/Open-Source WIPS
Data ObtainedText (txt)Comma Delimited File (CSV)XMLGPS PcapNetXML
LOG Files
Netxml Logging FileCan be imported into Excel for post-processing analysisRename to “.xml”, select “read-only workbook” when openingRequires Internet access to download Kismet DTD file Allows you to graph results, add details for additional analysis
Reporting on AP Uptime“=U267/(1000000*(60*60*24))”
StartupKismet will prompt to start the Kismet Server at startupOnce the Kismet server has started, you will be prompted for the first packet source
Kismet SourcesSpecify the available wireless interface as a packet source“wlan0, “wlan1”, etc.Kismet will identify the needed information, place the interface in passive capture modeAdd as many sources as you want from Kismet Add SourceCan also specify libpcap wireless packet capture files as sources
Kismet Newcore Screenshot
PluginsPlugin architecture to extend functionalityDistributed with Kismet: Aircrack-PTW, SpectoolsThird-Party: DECT wireless sniffingKismet PluginsStatus of plugins, version informationEnable or disable UI pluginsSee list of Kismet Server plugins
Extending KismetDevice Manufacturer NameKismet relies on Wireshark’s “manuf” file to identify manufacturersFile can be updated with make-manuf script (not distributed with BT4)# wgethttp://anonsvn.wireshark.org/wireshark/trunk/wka.tmpl# wgethttp://anonsvn.wireshark.org/wireshark/trunk/manuf.tmpl# wgethttp://anonsvn.wireshark.org/wireshark/trunk/make-manuf# perl make-manuf# mvmanuf /usr/share/wireshark
Graphical RepresentationGpsmap (old)PykismetKismet-earthKisgearth
GISKismentBuilding Visual Representations of Kismet dataCorrelate information in databaseGraphically represent information Filter out non-useful information
GISKismet- FiltersInput FiltersAP configuration dataQuery filters on any informationAP configurationClient informationGPS coordinate(s)Filter InputInsert all AP(s) on channel 6 named LinksysFilter OutputOutput all AP(s) without encryption
Tips on Protecting the NetworkUse an External Authentication SourceRADIUSSecurIDProtect MAC Spoofing: Use a Secure Connection for all Host Services Accessed by the NetworkSSHSSLUse a Dynamic Firewall
System AdministratorsPoor performance on the wireless network complaintThings to observe:What AP are the clients connecting to?Are all AP’s properly configured?Lots of retries indicating poor connections or noiseLots of missed beacons indicating noise or faulty APsWhat channels are being utilized?
Retries are normal in small numbers; more than sustained 10% is a problem
Signal and Noise/ChannelPacket Rate (Real Time)Data Frames (Cumulative)Networks Count (Yellow is historic, green is currently active)Detail View (Scroll with arrow keys)
AuditorsAre the networks configured per specification?SSID cloaking enabled/disabled?Appropriate encryption and authentication settings?Are there unencrypted networks (when there shouldn’t be)?Kismet walkthrough while channel hopping, post-processing analysis.
Security AnalystsNetwork discovery & analysisAre there open Aps or weak crypto?What are the clients on the network?What kind of EAP types are in use?Post-processing data evaluationThird-Party tools with Kismet pcap files, XML records, nettxt summaries

More Related Content

PPTX
Kismet
Nilesh Pawar
 
PDF
Android Security & Penetration Testing
Subho Halder
 
PPT
Intrusion Detection Systems and Intrusion Prevention Systems
Cleverence Kombe
 
PPT
IDS and IPS
Santosh Khadsare
 
PPTX
Understanding Application Threat Modelling & Architecture
Priyanka Aash
 
PPTX
Intrusion prevention system(ips)
Papun Papun
 
PPTX
Packet sniffers
Kunal Thakur
 
PPTX
Understanding NMAP
Phannarith Ou, G-CISO
 
Kismet
Nilesh Pawar
 
Android Security & Penetration Testing
Subho Halder
 
Intrusion Detection Systems and Intrusion Prevention Systems
Cleverence Kombe
 
IDS and IPS
Santosh Khadsare
 
Understanding Application Threat Modelling & Architecture
Priyanka Aash
 
Intrusion prevention system(ips)
Papun Papun
 
Packet sniffers
Kunal Thakur
 
Understanding NMAP
Phannarith Ou, G-CISO
 

What's hot (20)

PDF
Identity & Access Management by K. K. Mookhey
Network Intelligence India
 
PPTX
Cyber kill chain
Ankita Ganguly
 
PDF
DNS Attacks
Himanshu Prabhakar
 
PPT
Evolution of the cloud
sagaroceanic11
 
PDF
Next Generation War: EDR vs RED TEAM
BGA Cyber Security
 
PDF
VPN - Virtual Private Network
Peter R. Egli
 
PDF
Topics in network security
Nasir Bhutta
 
PPSX
Introduction to threat_modeling
Prabath Siriwardena
 
PPTX
Siem ppt
kmehul
 
PPT
firewall.ppt
ssuser530a07
 
PPTX
Information Security Risk Management and Compliance.pptx
Abraraw Zerfu
 
PDF
Cross site scripting attacks and defenses
Mohammed A. Imran
 
PPTX
Android security
Midhun P Gopi
 
PPTX
Network security
Madhumithah Ilango
 
PDF
JavaScript for Hackers.pdf
slideshareadmin2
 
PPTX
MITRE ATT&CK framework
Bhushan Gurav
 
PDF
Privacy and Security in Online Social Media : Privacy and Social Media
IIIT Hyderabad
 
PPTX
Identity and Access Management (IAM): Benefits and Best Practices 
Veritis Group, Inc
 
PPTX
Kali Linux
Chanchal Dabriya
 
PDF
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
Identity & Access Management by K. K. Mookhey
Network Intelligence India
 
Cyber kill chain
Ankita Ganguly
 
DNS Attacks
Himanshu Prabhakar
 
Evolution of the cloud
sagaroceanic11
 
Next Generation War: EDR vs RED TEAM
BGA Cyber Security
 
VPN - Virtual Private Network
Peter R. Egli
 
Topics in network security
Nasir Bhutta
 
Introduction to threat_modeling
Prabath Siriwardena
 
Siem ppt
kmehul
 
firewall.ppt
ssuser530a07
 
Information Security Risk Management and Compliance.pptx
Abraraw Zerfu
 
Cross site scripting attacks and defenses
Mohammed A. Imran
 
Android security
Midhun P Gopi
 
Network security
Madhumithah Ilango
 
JavaScript for Hackers.pdf
slideshareadmin2
 
MITRE ATT&CK framework
Bhushan Gurav
 
Privacy and Security in Online Social Media : Privacy and Social Media
IIIT Hyderabad
 
Identity and Access Management (IAM): Benefits and Best Practices 
Veritis Group, Inc
 
Kali Linux
Chanchal Dabriya
 
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
Ad

Viewers also liked (20)

PPT
Wardriving
Sajan Sahu
 
PPTX
Wardriving
Sumit Kumar
 
PPTX
WarDriving - Stockholm October 2013
Gabor Sebastiani
 
PDF
Wardriving 101
n|u - The Open Security Community
 
PPTX
Wardriving
Monika Deswal
 
PDF
Hacker tool talk: kismet
Chris Hammond-Thrasher
 
PDF
WLAN
Vinicius Marangoni
 
PPTX
ZaCon 2015 - Zombie Mana Attacks
SensePost
 
PPTX
UPC router reverse engineering - case study
Dusan Klinec
 
PDF
WardivingHackedBussinesWifi
Adul Andreas
 
PPTX
Improvement in Rogue Access Points - SensePost Defcon 22
SensePost
 
PDF
Introducing (DET) the Data Exfiltration Toolkit
SensePost
 
PPTX
Why Every Engineer Needs WLAN Packet Analysis
Savvius, Inc
 
PPTX
Wireless Attacks
primeteacher32
 
PPTX
Network Analysis Tips & Tricks with Omnipeek
Savvius, Inc
 
PDF
Capturing 802.11ac Data
Savvius, Inc
 
PPTX
Network Forensics Backwards and Forwards
Savvius, Inc
 
PDF
Spectrum management best practices in a Gigabit wireless world
Cisco Canada
 
PDF
Using WireShark with AirPCAP
David Sweigert
 
PPTX
Wi fi-stress-test
Michal Jarski
 
Wardriving
Sajan Sahu
 
Wardriving
Sumit Kumar
 
WarDriving - Stockholm October 2013
Gabor Sebastiani
 
Wardriving 101
n|u - The Open Security Community
 
Wardriving
Monika Deswal
 
Hacker tool talk: kismet
Chris Hammond-Thrasher
 
WLAN
Vinicius Marangoni
 
ZaCon 2015 - Zombie Mana Attacks
SensePost
 
UPC router reverse engineering - case study
Dusan Klinec
 
WardivingHackedBussinesWifi
Adul Andreas
 
Improvement in Rogue Access Points - SensePost Defcon 22
SensePost
 
Introducing (DET) the Data Exfiltration Toolkit
SensePost
 
Why Every Engineer Needs WLAN Packet Analysis
Savvius, Inc
 
Wireless Attacks
primeteacher32
 
Network Analysis Tips & Tricks with Omnipeek
Savvius, Inc
 
Capturing 802.11ac Data
Savvius, Inc
 
Network Forensics Backwards and Forwards
Savvius, Inc
 
Spectrum management best practices in a Gigabit wireless world
Cisco Canada
 
Using WireShark with AirPCAP
David Sweigert
 
Wi fi-stress-test
Michal Jarski
 
Ad

Similar to Wardriving & Kismet Introduction (20)

PPTX
Wireless Security null seminar
Nilesh Sapariya
 
PPT
5169 wireless network_security_amine_k
Rama Krishna M
 
PDF
modul2-footprintingscanningenumeration.pdf
tehkotak4
 
PPT
Modul 2 - Footprinting Scanning Enumeration.ppt
cemporku
 
PPTX
Nmap & Network sniffing
Mukul Sahu
 
PPTX
Pentesting layer 2 protocols
Abdessamad TEMMAR
 
PDF
Fudcon 2015...Wireless: From Basics to Internals
Kiran Divekar
 
PPT
Network security
Greater Noida Institute Of Technology
 
PPT
ethical hacking in wireless-hacking1.ppt
Jayaprasanna4
 
PPTX
17.) layer 3 (advanced tcp ip routing)
Jeff Green
 
PPT
Chapter 12
cclay3
 
PPT
Websecurity
Merve Bilgen
 
PPT
cyber forensics-ethical hacking- wireless-hacking.ppt
jayaprasanna10
 
PPTX
Wireless hacking
Mihir Shah
 
PPT
an_introduction_to_network_analyzers_new.ppt
Iwan89629
 
PDF
Defcon 23 - Chris Sistrunk - nsm 101 for ics
Felipe Prado
 
PPT
Intro To Hacking
nayakslideshare
 
PPTX
Palo Alto Networks PAN-OS 4.0 New Features
lukky753
 
DOCX
Certified Ethical Hacker quick test prep cheat sheet
David Sweigert
 
PPTX
Wireless network security
Vishal Agarwal
 
Wireless Security null seminar
Nilesh Sapariya
 
5169 wireless network_security_amine_k
Rama Krishna M
 
modul2-footprintingscanningenumeration.pdf
tehkotak4
 
Modul 2 - Footprinting Scanning Enumeration.ppt
cemporku
 
Nmap & Network sniffing
Mukul Sahu
 
Pentesting layer 2 protocols
Abdessamad TEMMAR
 
Fudcon 2015...Wireless: From Basics to Internals
Kiran Divekar
 
Network security
Greater Noida Institute Of Technology
 
ethical hacking in wireless-hacking1.ppt
Jayaprasanna4
 
17.) layer 3 (advanced tcp ip routing)
Jeff Green
 
Chapter 12
cclay3
 
Websecurity
Merve Bilgen
 
cyber forensics-ethical hacking- wireless-hacking.ppt
jayaprasanna10
 
Wireless hacking
Mihir Shah
 
an_introduction_to_network_analyzers_new.ppt
Iwan89629
 
Defcon 23 - Chris Sistrunk - nsm 101 for ics
Felipe Prado
 
Intro To Hacking
nayakslideshare
 
Palo Alto Networks PAN-OS 4.0 New Features
lukky753
 
Certified Ethical Hacker quick test prep cheat sheet
David Sweigert
 
Wireless network security
Vishal Agarwal
 

Recently uploaded (20)

PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PDF
2021 HotChips TSMC Packaging Technologies for Chiplets and 3D_0819 publish_pu...
KeXue5
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PPTX
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
2021 HotChips TSMC Packaging Technologies for Chiplets and 3D_0819 publish_pu...
KeXue5
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
Modernising the Digital Integration Hub
Daniel Toomey
 
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 

Wardriving & Kismet Introduction

  • 1. Wireless Security, Wardriving, and Detecting Rogue Access Points Using Kismet Wireless ScannerBy: Lance Howell
  • 2. Wireless SecurityWEP (Wired Equivalent Privacy)WPA (Wi-Fi Protected Access)WPA2 (Wi-Fi Protected Access version 2)
  • 3. Weaknesses in WEPOlder Equipment and devicesSupports no keys or a shared key management system. You have to manually change your keysThe Initialization Vector (IV) is too short and sent in clear textIVs are staticNo cryptographic integrity protection is implemented
  • 4. Weakness in WPAUsing short Pre-shared Keys (PSK)Dictionary Attacks
  • 5. ReconnaissanceFirst Popular Software NetStumblerWindowsMacNo Linux Based VersionKismet Popular for professionalsLinux version Windows called Kiswin v 0.1 Last Update 2005
  • 6. Reconnaissance continuedUse the software to listen to trafficAccess Points (AP) BroadcastSSIDEncryption StatusRather it is Broadcasting or notAP InformationGPS InformationMap Locations
  • 7. SniffingPassive and Undetectable to Intrusion Detection Systems (IDS)Attackers can Identify Additional Resources that can be CompromisedAuthentication TypesUse of Virtual Private Networks (VPN), Secure Sockets Layer (SSL), and Secure Shell (SSH) helps protect against wireless interception
  • 8. Spoofing and Unauthorized AccessDue to TCP/IP Design, there is little that can be done to prevent Media Access Control/IP (MAC/IP) Address SpoofingStatic Definition of MAC Address Tables can this attack be preventedStaff must be diligent about logging and monitoring those logs to try to address spoofing attacks so they can be identified.
  • 9. Kismet and WardrivingInfo. Gathering, Analysis And Research
  • 10. IntroductionsConsole-based wireless analysis toolPassive; captures traffic from wireless cards in monitor modeObserves activity from all networks within rangeWardriving tool of choiceWardriving is legalIncluded in Backtrack 4 ready to run and use
  • 12. Objectives of KismetLocate and Identify AP(s)BSSID, ESSID, Channel and EncryptionGPS dataAnd more…Locate and Identify Client(s)MAC AddressManufacturersSpectrum AnalysisDrones/Open-Source WIPS
  • 13. Data ObtainedText (txt)Comma Delimited File (CSV)XMLGPS PcapNetXML
  • 15. Netxml Logging FileCan be imported into Excel for post-processing analysisRename to “.xml”, select “read-only workbook” when openingRequires Internet access to download Kismet DTD file Allows you to graph results, add details for additional analysis
  • 16. Reporting on AP Uptime“=U267/(1000000*(60*60*24))”
  • 17. StartupKismet will prompt to start the Kismet Server at startupOnce the Kismet server has started, you will be prompted for the first packet source
  • 18. Kismet SourcesSpecify the available wireless interface as a packet source“wlan0, “wlan1”, etc.Kismet will identify the needed information, place the interface in passive capture modeAdd as many sources as you want from Kismet Add SourceCan also specify libpcap wireless packet capture files as sources
  • 20. PluginsPlugin architecture to extend functionalityDistributed with Kismet: Aircrack-PTW, SpectoolsThird-Party: DECT wireless sniffingKismet PluginsStatus of plugins, version informationEnable or disable UI pluginsSee list of Kismet Server plugins
  • 21. Extending KismetDevice Manufacturer NameKismet relies on Wireshark’s “manuf” file to identify manufacturersFile can be updated with make-manuf script (not distributed with BT4)# wgethttp://anonsvn.wireshark.org/wireshark/trunk/wka.tmpl# wgethttp://anonsvn.wireshark.org/wireshark/trunk/manuf.tmpl# wgethttp://anonsvn.wireshark.org/wireshark/trunk/make-manuf# perl make-manuf# mvmanuf /usr/share/wireshark
  • 23. GISKismentBuilding Visual Representations of Kismet dataCorrelate information in databaseGraphically represent information Filter out non-useful information
  • 24. GISKismet- FiltersInput FiltersAP configuration dataQuery filters on any informationAP configurationClient informationGPS coordinate(s)Filter InputInsert all AP(s) on channel 6 named LinksysFilter OutputOutput all AP(s) without encryption
  • 25. Tips on Protecting the NetworkUse an External Authentication SourceRADIUSSecurIDProtect MAC Spoofing: Use a Secure Connection for all Host Services Accessed by the NetworkSSHSSLUse a Dynamic Firewall
  • 26. System AdministratorsPoor performance on the wireless network complaintThings to observe:What AP are the clients connecting to?Are all AP’s properly configured?Lots of retries indicating poor connections or noiseLots of missed beacons indicating noise or faulty APsWhat channels are being utilized?
  • 27. Retries are normal in small numbers; more than sustained 10% is a problem
  • 28. Signal and Noise/ChannelPacket Rate (Real Time)Data Frames (Cumulative)Networks Count (Yellow is historic, green is currently active)Detail View (Scroll with arrow keys)
  • 29. AuditorsAre the networks configured per specification?SSID cloaking enabled/disabled?Appropriate encryption and authentication settings?Are there unencrypted networks (when there shouldn’t be)?Kismet walkthrough while channel hopping, post-processing analysis.
  • 30. Security AnalystsNetwork discovery & analysisAre there open Aps or weak crypto?What are the clients on the network?What kind of EAP types are in use?Post-processing data evaluationThird-Party tools with Kismet pcap files, XML records, nettxt summaries

Editor's Notes

  • #3: WPA- Provides partial compliance in 802.11 Wi-Fi standard. Meant to be an intermediary between WEP and the new verison WPA2WPA2- Full 802.11 Wi-Fi Standard is implemented.
  • #9: Static Definition of MAC Address Tables: With the amount of resources that it takes to manage that system you have to decide of it is worth taking that approach.
  • #11: Wardriving is deemed legal by the FBI as long as you do not do anything to crack or break into the network. Since wireless signals are traveling over the air the companies have no expected rights to privacy.
  • #26: External Authentication: Prevent an unauthorized user from accessing the wireless network, and resources it connects with.Secure Connection for Host Services: Possible to require valid client certificates to access those resources. Even if they got into your network then they would be stopped at the critical systems.