Slashdot Mirror


Wi-Foo: The Secrets of Wireless Hacking

prostoalex writes "Wireless LANs seem to be enjoying a tremendous amount of interest lately, if you judge by the number of book covers and articles written on the topic. It's no wonder that this year the sales of WLAN equipment will grow 20% and generate $2.1 billion - everyone seems to be installing a wireless network in their office, their apartment complex or their own backyard. With extending the network into the radio world one is always extending the opportunities for unwelcome visitors to become part of the network. This book is a hands-on guide on hacking wireless networks followed by the recipes and principles to protect WLANs." Read on for the rest of prostoalex's review of Wi-Foo.

Wi-Foo: The Secrets of Wireless Hacking
author: Andrew Vladimirov, Konstantin V. Gavrilenko, Andrei A. Mikhailovsky
pages: 608
publisher: Addison-Wesley
rating: 9
reviewer: Alex Moskalyuk
ISBN: 0321202171
summary: Complete guide to wireless attack and defense

Wi-Foo requires a certain level of expertise, and it's unlikely that the book will be sold left and right or that everyone will want a copy. First of all, to do anything substantial you need to have Linux or FreeBSD operating system installed and know your way around it. Second of all, some knowledge of Perl is required to go through the script source code and enjoy occasional tools that appear on the Internet. The third required bit of knowledge is some familiarity with how wireless networks work and how one can gain advantage of those radio waves that seem to contain pieces of data.

The authors claim that one has little knowledge of wireless security unless he's done some war-driving. So, skipping the first two chapters (which talk about security in general), chapters 3, 4 and 5 take the reader through the hassle of setting up the Linux laptop with all the hardware and software needed to do successful war-driving. The last time I reviewed a book on getting wireless to work with Linux, you guys kept asking what card would work the best with a Linux laptop. To quote p. 28 of Wi-Foo, "if you're serious about 802.11 penetration testing, you should get a decent Prism chipset card. If you plan to base your security audit effort around the BSD platform, you probably cannot do without it. Prism chipset CF and PCMCIA cards are known to be produced by Addtron, Asante, Asus, Belkin, Buffalo, Compaq, Demark, D-Link, Linksys, Netgate, Netgear, Proxim, Senao, SMC, Teletronics, US Robotics, Zcomax and ZoomAir."

What follows could essentially be condensed into a single Web site with links to various Linux tools for network discovery, traffic analysis, encryption cracking, 802.1x cracking, frame generation and traffic injection. Kudos to the authors for providing sometimes detailed instructions on setting up the utility and getting the successful results out of it -- it's obvious that they did not just peruse the Web in search of what's available and provided a list of URLs; they installed, tested and reviewed all the Linux network security utilities listed in the table of contents. As much as many of the products and tools listed complement one another, it was useful for me to see the professionals' take on advantages and disadvantages of free tools out there. Wherever possible, the authors try to stick with free software, which makes the book a pretty useful guide for most enthusiasts out there.

The authors are serious about getting the reader to war-drive at some point, and chapter 8 specifically talks about generating wireless denial-of-service attacks as a last resort for a cracker, who seems to be in a bad mood when other methods of wireless penetration do not work. The book talks about antenna amplifiers and some hardware you might buy to be more successful in wireless hacking. They also discuss the possibilities of war-biking, war-walking and riding a hot air balloon.

By the time you're finished with chapter 9, if your title includes words like "security" or "administrator," you will probably find yourself quite perplexed. That's where Part 3 (Defense) kicks in, as the authors discuss counter-measures against wireless cracking and possible steps one can take to secure the wireless network. It's not a typical don't-use-WEP-don't-broadcast-your-ID-don't-rely-on-MAC-filtering preaching one can find in security manuals created for the home user (I am not saying those are bad -- for a home user they do provide necessary guidance in securing a WLAN). This is mostly industrial-level security, which might include multiple levels of protection, such as 802.11i implementation, implementing encryption around the wireless networks, creating hardware Linux-based gateways, deploying VPNs and intrusion detection systems. Setting up honeypots is missing from this list, although one can debate whether this could be considered a worthwhile project outside of the academic world.

The book uses clear language and is easy to read. At the same time it takes a while to go through it, as you keep trying out the presented solution on your Linux laptop. The chapters that talk about the philosophical decisions when securing wireless LANs are helpful as well -- the authors occasionally get away from hands-on approach and talk about general principles to consider. Code examples are easy to follow, and every tool that's presented in the title is accompanied by the URL (for some reason Addison-Wesley did not include a CD with Wi-Foo); a large number of them point to sourceforge.net. All the links are available on the book's Web site; see the attack and defense sections.

If you should decide to take up a career as a wireless security consultant, Appendix G includes a variety of checklists and templates that the authors recommend for the corporate environment. Chapter 8 -- Breaking Through is available for free in PDF format. Overall I liked this book a lot. It seemed to concentrate on what's necessary without going into fluff and chapters like "History of radio" or "Linux on laptops for beginners." It's informative and easy to read; if you're an enthusiast, try out the free chapter and see if you like the authors' style, but if you're a network admin or security professional, this book is almost a must. It's a combo of Exploiting Software and Hacking Exposed with specialization on wireless LANs.


6 of 107 comments

  1. Not just wireless by caluml · Score: 4, Informative

    As well as being experts in the Wireless field, they also run a very good InfoSec company. www.arhont.com. Highly recommended if you want the view that the black hats would have of your networks.

  2. Re:home based wireless lan's by storl · Score: 4, Informative

    WEP by itself sometimes is not enough, especially if you transfer a lot of data through your wireless network in a heavily congested wireless area. Someone can sit outside and analyze the collisions and deduce your key (I believe that's how it works). If you combine high-level WEP with MAC protection and do not broadcast your ID, the vast majority of people will not be able to get onto your network. Luckily, these three things are relatively easy to do if you RTFM. Changing your key every now and then is a good idea too. Of course, there is always the slashdot crowd to prove me wrong...

  3. WPA-PSK? by Proc6 · Score: 3, Informative

    With a really decently long key? I've not heard of any compromises of WPA-PSK yet. WEP yes, WPA no.

    --

    I'm Rick James with mod points biatch!

  4. Re:Missing anything? by redwoodtree · Score: 4, Informative

    Yes, a few things:

    * Change the Key monthly or otherwise periodically.
    * Even with all this, run encrypted protocols as much as possible (SSH, SSL, etc.). No clear-text protocols.
    * Run a monitor on your access point to monitor against your MAC address filtering list, and send a trap when an unknown MAC address connects. By definition, if you have a MAC address allow list you should be able to do this easily.
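The allow-list monitor suggested in the comment above, sketched as an added example (it is not part of the thread). It assumes the access point logs association events in hostapd's `AP-STA-CONNECTED` style; the log lines, the allow list and the function names are constructed for illustration, and the caller is expected to turn each returned record into a trap or other alert.

```python
import re

# Constructed allow list, in the mixed notations admins tend to paste in.
ALLOWED = {"00:0C:41:AA:BB:01", "00-0c-41-aa-bb-02", "000c.41aa.bb03"}

# Constructed sample log in hostapd's event style (assumed log source).
SAMPLE_LOG = """\
Jan 10 09:00:01 ap1 hostapd: wlan0: AP-STA-CONNECTED 00:0c:41:aa:bb:01
Jan 10 09:02:17 ap1 hostapd: wlan0: AP-STA-CONNECTED 00:0c:41:aa:bb:03
Jan 10 09:05:44 ap1 hostapd: wlan0: AP-STA-CONNECTED 00:13:ce:12:34:56
Jan 10 09:05:59 ap1 hostapd: wlan0: AP-STA-DISCONNECTED 00:13:ce:12:34:56
Jan 10 09:06:30 ap1 hostapd: wlan0: AP-STA-CONNECTED 00:13:CE:12:34:56
Jan 10 09:09:02 ap1 hostapd: wlan0: AP-STA-CONNECTED 02:1a:2b:3c:4d:5e
"""

EVENT = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*"
                   r"AP-STA-CONNECTED\s+(?P<mac>[0-9A-Fa-f:.-]{12,17})\s*$")


def normalize_mac(text):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", text).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def unknown_stations(log_text, allowed):
    """Return one alert record per connected station not on the allow list."""
    allow = {normalize_mac(m) for m in allowed} - {None}
    alerts = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        mac = normalize_mac(m.group("mac")) if m else None
        if mac is None or mac in allow:
            continue
        entry = alerts.setdefault(mac, {
            "mac": ":".join(mac[i:i + 2] for i in range(0, 12, 2)),
            "first_seen": m.group("ts"),
            "connects": 0,
            # Bit 0x02 of the first octet marks a locally administered
            # (software-assigned) address rather than a vendor-burned one.
            "locally_administered": bool(int(mac[:2], 16) & 0x02),
        })
        entry["connects"] += 1
    return list(alerts.values())


if __name__ == "__main__":
    for alert in unknown_stations(SAMPLE_LOG, ALLOWED):
        print(alert)
```

Because a station can present any MAC address it likes, this check only flags addresses that are not on the list; it is a tripwire that sits alongside encryption, not a substitute for it.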

  5. Re:home based wireless lan's by g_kos · Score: 4, Informative

    You are not entirely correct; it is possible to inject traffic into a WEP-protected network. Besides, it is even possible to portscan the machines on WEP-protected networks, e.g. http://sourceforge.net/projects/wepwedgie/

  6. Re:home based wireless lan's by g_kos · Score: 2, Informative

    Joshua released a tool to "recover" LEAP passwords a year ago...

    http://asleap.sourceforge.net/