networking without wires introduces a whole new set of vulnerabilities from an entirely different perspective.
This brings us to the concept of ethical hacking. Ethical hacking — sometimes referred to as white-hat hacking — means the use of hacking to test and improve defenses against unethical hackers. It’s often compared to penetration testing and vulnerability testing, but it goes even deeper. Ethical hacking involves using the same tools and techniques the bad guys use, but it also involves extensive up-front planning, a group of specific tools, complex testing methodologies, and sufficient follow-up to fix any problems before the bad guys — the black- and gray-hat hackers — find and exploit them.
Understanding the various threats and vulnerabilities associated with 802.11-based wireless networks — and ethically hacking them to make them more secure — is what this book is all about. Please join in on the fun.
In this chapter, we’ll take a look at common threats and vulnerabilities associated with wireless networks. We’ll also introduce you to some essential wireless security tools and tests you should run in order to strengthen your airwaves.
Why You Need to Test Your Wireless Systems
Wireless networks have been notoriously insecure since the early days of the 802.11b standard of the late 1990s. Since the standard’s inception, major 802.11 weaknesses, such as physical security weaknesses, encryption flaws, and authentication problems, have been discovered. Wireless attacks have been on the rise ever since. The problem has gotten so bad that two wireless security standards have emerged to help fight back at the attackers:

• Wi-Fi Protected Access (WPA): This standard, which was developed by the Wi-Fi Alliance, served as an interim fix to the well-known WEP vulnerabilities until the IEEE came out with the 802.11i standard.

• IEEE 802.11i (referred to as WPA2): This is the official IEEE standard, which incorporates the WPA fixes for WEP along with other encryption and authentication mechanisms to further secure wireless networks.
These standards have resolved many known security vulnerabilities of the 802.11a/b/g protocols. As with most security standards, the problem with these wireless security solutions is not that the solutions don’t work — it’s that many network administrators are resistant to change and don’t fully implement them.
Many administrators don’t want to reconfigure their existing wireless systems and don’t want to have to implement new security mechanisms for fear of making their networks more difficult to manage. These are legitimate concerns, but they leave many wireless networks vulnerable and waiting to be compromised.
Even after you have implemented WPA, WPA2, and the various other wireless protection techniques described in this book, your network may still be at risk. This can happen when (for example) employees install unsecured wireless access points or gateways on your network without you knowing about it. In our experience — even with all the wireless security standards and vendor solutions available — the majority of systems are still wide open to attack. Bottom line: Ethical hacking isn’t a do-it-once-and-forget-it measure. It’s like an antivirus upgrade — you have to do it again from time to time.
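As an added example (this is not code from the book), here is a small Python audit that turns the two points above into a repeatable check: it reads a wireless site survey, compares every access point it sees against an inventory of the access points you know about, and flags both unknown APs (the "employee plugged in a gateway" case) and any AP whose protection is still below WPA2 (WEP or open). The survey line format, the BSSID and SSID values, and the `AUTHORISED` inventory are all constructed for illustration; real survey tools have their own export formats, so only `parse_survey` would need adapting.

```python
"""Audit a wireless survey for unknown or weakly protected access points.

Added example, not from the book. Assumes a survey exported as plain text
lines of the form "BSSID SSID SECURITY" (a constructed format) and an
inventory of authorised BSSIDs kept by the network team. Security labels
follow the standards the chapter names: OPEN, WEP, WPA, WPA2.
"""
from dataclasses import dataclass

# Constructed survey export (not a real capture); '#' lines are comments.
SURVEY = """\
# constructed survey export
00:11:22:33:44:01 corp-wifi WPA2
00:11:22:33:44:02 corp-wifi WPA2
00:11:22:33:44:03 corp-legacy WEP
aa:bb:cc:dd:ee:01 linksys OPEN
aa:bb:cc:dd:ee:02 corp-wifi WPA2
"""

# Constructed inventory: BSSIDs the organisation has deployed on purpose.
AUTHORISED = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}

# WPA was an interim fix; 802.11i (WPA2) is the level we accept.
ACCEPTABLE = {"WPA2"}


@dataclass(frozen=True)
class Finding:
    bssid: str
    ssid: str
    security: str
    issue: str


def parse_survey(text):
    """Return (bssid, ssid, security) tuples; skip comments and malformed lines."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            continue  # tolerate a damaged export rather than abort the audit
        bssid, ssid, security = parts
        rows.append((bssid.lower(), ssid, security.upper()))
    return rows


def audit(rows, authorised, acceptable=ACCEPTABLE):
    """One Finding per problem; an AP can raise both issues (unknown and weak)."""
    findings = []
    for bssid, ssid, security in rows:
        if bssid not in authorised:
            findings.append(Finding(bssid, ssid, security,
                                    "not in inventory (possible rogue AP)"))
        if security not in acceptable:
            findings.append(Finding(bssid, ssid, security,
                                    f"protection below WPA2: {security}"))
    return findings


def summarize(findings):
    """Count findings by issue class so the report shows what to fix first."""
    counts = {"rogue": 0, "weak": 0}
    for f in findings:
        counts["rogue" if f.issue.startswith("not in inventory") else "weak"] += 1
    return counts


if __name__ == "__main__":
    results = audit(parse_survey(SURVEY), AUTHORISED)
    for f in results:
        print(f"{f.bssid}  {f.ssid:<12} {f.security:<5} {f.issue}")
    print(summarize(results))
```

Run this after each survey, not once: the inventory changes, and a clean result last quarter says nothing about the gateway someone added last week.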
Knowing the dangers your systems face
Before we get too deep into the ethical-hacking process, it will help to define a couple of terms that we’ll be using throughout this book. They are as follows:

• Threat: A threat is an indication of intent to cause disruption within an information system. Some examples of threat agents are hackers, disgruntled employees, and malicious software (malware) such as viruses or spyware that can wreak havoc on a wireless network.

• Vulnerability: A vulnerability is a weakness within an information system that can be