Copyright
Acknowledgments
About the Authors
Introduction
  Why Does Wi-Foo Exist and for Whom Did We Write It?
  What About the Funky Name?
  How This Book Is Organized

Chapter 1. Real World Wireless Security
  Why Do We Concentrate on 802.11 Security?
  Getting a Grip on Reality: Wide Open 802.11 Networks Around Us
  The Future of 802.11 Security: Is It as Bright as It Seems?
  Summary

Chapter 2. Under Siege
  Why Are "They" After Your Wireless Network?
  Wireless Crackers: Who Are They?
  Corporations, Small Companies, and Home Users: Targets Acquired
  Target Yourself: Penetration Testing as Your First Line of Defense
  Summary

Chapter 3. Putting the Gear Together: 802.11 Hardware
  PDAs Versus Laptops
  PCMCIA and CF Wireless Cards
  Antennas
  RF Amplifiers
  RF Cables and Connectors
  Summary

Chapter 4. Making the Engine Run: 802.11 Drivers and Utilities
  Operating System, Open Source, and Closed Source
  The Engine: Chipsets, Drivers, and Commands
  Getting Used to Efficient Wireless Interface Configuration
  Summary

Chapter 5. Learning to WarDrive: Network Mapping and Site Surveying
  Active Scanning in Wireless Network Discovery
  Monitor Mode Network Discovery and Traffic Analysis Tools
  Tools That Use the iwlist scan Command
  RF Signal Strength Monitoring Tools
  Summary

Chapter 6. Assembling the Arsenal: Tools of the Trade
  Encryption Cracking Tools
  Wireless Frame-Generating Tools
  Wireless Encrypted Traffic Injection Tools: Wepwedgie
  Access Point Management Utilities
  Summary

Chapter 7. Planning the Attack
  The "Rig"
  Network Footprinting
  Site Survey Considerations and Planning
  Proper Attack Timing and Battery Power Preservation
  Stealth Issues in Wireless Penetration Testing
  An Attack Sequence Walk-Through
  Summary

Chapter 8. Breaking Through
  The Easiest Way to Get in
  A Short Fence to Climb: Bypassing Closed ESSIDs, MAC, and Protocols Filtering
  Picking a Trivial Lock: Various Means of Cracking WEP
  Picking the Trivial Lock in a Less Trivial Way: Injecting Traffic to Accelerate WEP Cracking
  Field Observations in WEP Cracking
  Cracking TKIP: The New Menace
  The Frame of Deception: Wireless Man-in-the-Middle Attacks and Rogue Access Points Deployment
  Breaking the Secure Safe
  The Last Resort: Wireless DoS Attacks
  Summary

Chapter 9. Looting and Pillaging: The Enemy Inside
  Step 1: Analyze the Network Traffic
  Step 2: Associate to WLAN and Detect Sniffers
  Step 3: Identify the Hosts Present and Perform Passive Operating System Fingerprinting
  Step 4: Scan and Exploit Vulnerable Hosts on WLAN
  Step 5: Take the Attack to the Wired Side
  Step 6: Check Wireless-to-Wired Gateway Egress Filtering Rules
  Summary

Chapter 10. Building the Citadel: An Introduction to Wireless LAN Defense
  Wireless Security Policy: The Cornerstone
  Layer 1 Wireless Security Basics
  The Usefulness of WEP, Closed ESSIDs, MAC Filtering, and SSH Port Forwarding
  Secure Wireless Network Positioning and VLANs
  Deploying a Linux-Based, Custom-Built Hardened Wireless Gateway
  Proprietary Improvements to WEP and WEP Usage
  802.11i Wireless Security Standard and WPA: The New Hope
  Summary

Chapter 11. Introduction to Applied Cryptography: Symmetric Ciphers
  Introduction to Applied Cryptography and Steganography
  Modern-Day Cipher Structure and Operation Modes
  Bit by Bit: Streaming Ciphers and Wireless Security
  The Quest for AES
  Between DES and AES: Common Ciphers of the Transition Period
  Selecting a Symmetric Cipher for Your Networking or Programming Needs
  Summary

Chapter 12. Cryptographic Data Integrity Protection, Key Exchange, and User Authentication Mechanisms
  Cryptographic Hash Functions
  Dissecting an Example Standard One-Way Hash Function
  Hash Functions, Their Performance, and HMACs
  Asymmetric Cryptography: A Different Animal
  Summary

Chapter 13. The Fortress Gates: User Authentication in Wireless Security
  RADIUS
  Installation of FreeRADIUS
  User Accounting
  RADIUS Vulnerabilities
  RADIUS-Related Tools
  802.1x: The Gates to Your Wireless Fortress
  LDAP
  NoCat: An Alternative Method of Wireless User Authentication
  Summary

Chapter 14. Guarding the Airwaves: Deploying Higher-Layer Wireless VPNs
  Why You Might Want to Deploy a VPN
  VPN Topologies Review: The Wireless Perspective
  Common VPN and Tunneling Protocols
  Alternative VPN Implementations
  The Main Player in the Field: IPSec Protocols, Operations, and Modes Overview
  Deploying Affordable IPSec VPNs with FreeS/WAN
  Summary

Chapter 15. Counterintelligence: Wireless IDS Systems
  Categorizing Suspicious Events on WLANs
  Examples and Analysis of Common Wireless Attack Signatures
  Radars Up! Deploying a Wireless IDS Solution for Your WLAN
  Summary
  Afterword

Appendix A. Decibel–Watts Conversion Table

Appendix B. 802.11 Wireless Equipment

Appendix C. Antenna Irradiation Patterns
  Omni-Directionals:
  Semi-Directionals:
  Highly-directionals

Appendix D. Wireless Utilities Manpages
  Section 1. Iwconfig
  Section 2. Iwpriv
  Section 3. Iwlist
  Section 4. Wicontrol
  Section 5. Ancontrol

Appendix E. Signal Loss for Obstacle Types

Appendix F. Warchalking Signs
  Original Signs
  Proposed New Signs

Appendix G. Wireless Penetration Testing Template
  Arhont Ltd Wireless Network Security and Stability Audit Checklist Template
  Section 1. Reasons for an audit
  Section 2. Preliminary investigations
  Section 3. Wireless site survey
  Section 4. Network security features present
  Section 5. Network problems / anomalies detected
  Section 6. Wireless penetration testing procedure
  Section 7. Final recommendations

Appendix H. Default SSIDs for Several Common 802.11 Products

Glossary
Index