different. If you practice regularly, you’ll find a routine that works best for you. Don’t forget to keep up with the latest hacker tricks and wireless-network vulnerabilities. That’s the best way to hone your skills and stay on top of your game. Be ethical, be methodical, and be safe —
happy hacking!
05_597302_pt01.qxd 8/4/05 6:59 PM Page 7
Part I
Building the
Foundation for
Testing Wireless
Networks
05_597302_pt01.qxd 8/4/05 6:59 PM Page 8
In this part . . .
Welcome to the wireless frontier. A lot of enemies
and potholes lurk along the journey of designing,
installing, and securing IEEE 802.11-based networks — but the payoffs are great. Learning the concepts of wireless security is an eye-opening experience. After you get the basics down, you’ll be the security wizard in your organization, and you’ll know that all the information floating through thin air is being protected.
If you’re new to ethical hacking, this is the place to begin.
The chapters in this part get you started with information on what to do, how to do it, and what tools to use when
you’re hacking your own wireless systems. We not only
talk about what to do, but also about something equally
important: what not to do. This information will guide, entertain, and start you off in the right direction to make sure your ethical-hacking experiences are positive and
effective.
06_597302_ch01.qxd 8/4/05 7:28 PM Page 9
Chapter 1
Introduction to Wireless Hacking
In This Chapter
ᮣ Understanding the need to test your wireless systems
ᮣ Wireless vulnerabilities
ᮣ Thinking like a hacker
ᮣ Preparing for your ethical hacks
ᮣ Important security tests to carry out
ᮣ What to do when you’re done testing
Wireless local-area networks — often referred to as WLANs or Wi-Fi networks — are all the rage these days. People are installing them in their offices, hotels, coffee shops, and homes. Seeking to fulfill the wireless demands, Wi-Fi product vendors and service providers are popping up just about as fast as the dot-coms of the late 1990s. Wireless networks offer convenience, mobility, and can even be less expensive to implement than wired networks in many cases. Given the consumer demand, vendor solutions, and industry standards, wireless-network technology is real and is here to stay.
But how safe is this technology?
Wireless networks are based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 set of standards for WLANs. In case you’ve ever wondered, the IEEE 802 standards got their name from the year and month this group was formed — February 1980. The “.11” that refers to the wireless LAN
working group is simply a subset of the 802 group. There’s a whole slew of industry groups involved with wireless networking, but the two main players are the IEEE 802.11 working group and the Wi-Fi Alliance.
Years ago, wireless networks were only a niche technology used for very specialized applications. These days, Wi-Fi systems have created a multibillion-dollar market and are being used in practically every industry — and in every size organization from small architectural firms to the local zoo. But with this increased exposure comes increased risk: The widespread use of wireless systems has helped make them a bigger target than the IEEE ever bargained for.
(Some widely publicized flaws such as the Wired Equivalent Privacy (WEP) weaknesses in the 802.11 wireless-network protocol haven’t helped things, either.) And, as Microsoft has demonstrated, the bigger and more popular you are, the more attacks you’re going to receive.
06_597302_ch01.qxd 8/4/05 7:28 PM Page 10
10 Part I: Building the Foundation for Testing Wireless Networks With the convenience, cost savings, and productivity gains of wireless networks come a whole slew of security risks. These aren’t the common security issues, such as spyware, weak passwords, and missing patches. Those weaknesses still exist; however,