
How This Book Is Organized

Practically every wired or wireless network security book available starts with an outline of the seven Open Systems Interconnection (OSI) layers, probably followed by explaining "the CISSP triad" (confidentiality, integrity, and availability), basic security principles, and an introduction to the technology described. These books also include an introductory chapter on cryptography normally populated by characters called Bob, Alice, Melanie, and of course, Eve, who tends to be an evil private key snatcher.

This book is different: We assume that the reader has basic knowledge of the OSI and TCP/IP layers, understands the difference between infrastructure / managed and independent / ad-hoc wireless networks, and can distinguish between the common IEEE 802 standards. Describing the basics of networking or the detailed operation of wireless networks would fill two separate books on their own, and such well-written books are easily found (for 802.11 essentials we strongly recommend the Official CWNA Study Guide and O'Reilly's 802.11 Wireless Networks: The Definitive Guide).

However, you'll find a lot of data on 802.11 network standards and operations here where outlining it is appropriate, often in the form of the inserted "foundations" boxes.

Also, there is a cryptography part that isn't directly related to everything wireless, but is absolutely vital for proper virtual private network (VPN) deployment, wireless user authentication, and other security practices outlined in the following chapters. We skimmed through a lot of cryptographic literature and were unable to find anything written specifically for system and network administrators and managers that covers practical networking conditions, taking into account the access media, the bandwidth available, the CPU architecture of the deployed hosts, and so forth. Chapters 11 and 12 are such a source, and we hope they will help you even if you have never encountered practical cryptography issues at all or aren't an experienced cryptographer, cryptanalyst, or cryptologist.

We have divided the book into two large parts: Attack and Defense. Although the Attack half is self-sufficient if your only aim is wireless security auditing, the Defense part is heavily dependent on understanding who the attackers might be, why they would crack your network, and, most important, how it can be done. Thus, we recommend reading the Attack part first unless you are using Wi-Foo as a reference.

The Attack part begins with a rather nontechnical discussion outlining the wireless security situation in the real world, the types of wireless attackers, and their motivations, objectives, and target preferences. It is followed by structured recommendations on selecting and setting up the hardware and software needed to perform efficient wireless security testing. We try to stay impartial, do not limit ourselves to a particular group of vendors, and provide many tips on getting the best from the hardware and utilities you might already have. After all, not every reader is capable of devoting his or her resources to building an ultimate wireless hacking machine, and every piece of wireless hardware has its strong and weak sides. When we do advise the use of some particular hardware item, there are sound technical reasons behind any such recommendation: the chipset, radio frequency transceiver characteristics, antenna properties, availability of the driver source code, and so on. The discussion of standard wireless configuration utilities such as Linux Wireless Tools aims to get the most out of these tools security-wise and flows into a description of wireless penetration testing-specific software. Just like the hardware discussion before it, this description is structured, splitting all available tools into groups with well-defined functions rather than listing them in alphabetical or random order. These groups include wireless network discovery tools, protocol analyzers, encryption cracking tools, custom 802.11 frame construction kits, and various access point management utilities useful for access point security testing.

Whereas many "network security testing" books are limited to describing what kinds of vulnerabilities there are and which tools are available to exploit them, we carry the discussion further, outlining the intelligent planning of a proper audit (or attack) and walking the reader step by step through the different attack scenarios, depending on the protection level of the target network. We outline advanced attack cases, including exploiting possible weaknesses in the yet unreleased 802.11i standard, accelerating WEP cracking, launching sneaky layer 2 man-in-the-middle and denial of service attacks, and even trying to defeat various higher layer security protocols such as PPTP, SSL, and IPSec. Finally, the worst-case scenario, a cracker being able to do anything he or she wants with a penetrated wireless network, is analyzed, demonstrating how individual wireless hosts can be broken into, the wired side of the network assaulted, connections hijacked, traffic redirected, and the firewall separating the wireless and wired sides bypassed. The Attack chapters demonstrate the real threat of a wireless network being abused by crackers and underline the statement repeated many times throughout the book: Wireless security auditing goes far beyond discovering the network and cracking WEP.

In a similar manner, wireless network hardening goes beyond WEP, MAC address filtering, and even the current 802.11i developments. The latter statement would be considered blasphemy by many, but we are entitled to our opinion. As the Attack part demonstrates, the 802.11i standard is not without its flaws, and there will be cases in which it cannot be fully implemented for various administrative and financial reasons. Besides, we believe that any network security should be a multilayered process without complete dependence on a single safeguard, no matter how great that safeguard is. Thus, the primary aim of the Defense part of the book is to give readers the choice. Of course, we dwell on the impressive work done by the "i" task force in mitigating the threats to which all pre-802.11i wireless LANs are exposed. Nevertheless, we spend a sufficient amount of time describing the defense of wireless networks at the higher protocol layers. Such defense methodologies include mutually authenticated IPSec implementations, authentication methods that are alternatives to 802.1x, proper network design, positioning and secure gateway deployment, protocol filtering, SSL/TLS use, and ssh port forwarding. The final chapter in the book is devoted to the last (or first?) line of defense on wireless networks, namely wireless-specific intrusion detection. It demonstrates that wireless attackers are not as untraceable as they might think and gives tips on the development and deployment of affordable do-it-yourself wireless IDS sensors and systems. It also lists some well-known high-end commercial wireless IDS appliances.

Even though we have barely scratched the surface of the wireless security world, we hope that this book will be useful for you as both a wireless attack and defense guide and a reference. We hope to receive great feedback from our audience, mainly in the form of fewer insecure wireless networks in our Kismet output and new exciting wireless security tools, protocols, and methodologies showing up to make the contents of this book obsolete.
